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1. Getting Started 



1.1 Use the Current Stable Version (5.6) 

If you are getting started with PHP, start with the current stable release of PHP 5.6 1 . PHP has added powerful 
new features over the last few years. Though the incremental version number difference between 5.2 and 5.6 
is small, it represents major improvements. If you are looking for a function or its usage, the documentation 
on the php.net 2 website will have the answer. 

1.2 Built-in web server 

With PHP 5.4 or newer, you can start learning PHP without installing and configuring a full-fledged web 
server. To start the server, run the following command from your terminal in your project's web root: 

1 > php -S localhost:8000 

• Learn about the built-in, command line web server 3 

1.3 Mac Setup 

OS X comes prepackaged with PHP but it is normally a little behind the latest stable. Mountain Lion has 
5.3.10, Mavericks has 5.4.17 and Yosemite has 5.5.9, but with PHP 5.6 out that is often not good enough. 

There are multiple ways to install PHP on OS X. 

Install PHP via Homebrew 

Homebrew 4 is a powerful package manager for OS X, which can help you install PHP and various extensions 
easily. Homebrew PHP 5 is a repository that contains PHP-related "formulae" for Homebrew, and will let you 
install PHP. 

At this point, you can install php53, php54, php55 or php56 using the brew install command, and switch 
between them by modifying your PATH variable. 

'httpV/php. net/downloads. php 
2 http://php.net/ manual/ 

3 http://php. net/features, commandline. webserver 
4 htrp://brew.sh/ 

5 https://github.com/Homebrew/homebrew-php#installation 
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Install PHP via phpbrew 

phpbrew 6 is a tool for installing and managing multiple PHP versions. This can be really useful if two different 
applications/projects require different versions of PHP, and you are not using virtual machines. 

Compile from Source 

Another option that gives you control over the version of PHP you install, is to compile it yourself 7 . In that case 
be sure to have installed either Xcode 8 or Apple's substitute "Command Line Tools for XCode" 9 downloadable 
from Apple's Mac Developer Center. 

All-in-One Installers 

The solutions listed above mainly handle PHP itself, and do not supply things like Apache, Nginx or a SQL 
server. "All-in-one" solutions such as MAMP 10 and XAMPP 11 will install these other bits of software for you 
and tie them all together, but ease of setup comes with a trade-off of flexibility. 

1.4 Windows Setup 

PHP is available in several ways for Windows. You can download the binaries 12 and until recently you could 
use a '.msi' installer. The installer is no longer supported and stops at PHP 5.3.0. 

For learning and local development you can use the built in webserver with PHP 5.4+ so you don't need 
to worry about configuring it. If you would like an "all-in-one" which includes a full-blown webserver and 
MySQL too then tools such as the Web Platform Installer 13 , Zend Server CE 14 , XAMPP 15 , EasyPHP 16 and 
WAMP 17 will help get a Windows development environment up and running fast. That said, these tools will 
be a little different from production so be careful of environment differences if you are working on Windows 
and deploying to Linux. 

If you need to run your production system on Windows then IIS7 will give you the most stable and best 
performance. You can use phpmanager 18 (a GUI plugin for IIS7) to make configuring and managing PHP 
simple. IIS7 comes with FastCGI built in and ready to go, you just need to configure PHP as a handler. For 
support and additional resources there is a dedicated area on iis.net 19 for PHP. 

6 https://github.com/phpbrew/phpbrew 

7 http://php. net/install, macosx. compile 

8 https://github.com/kennethreitz/osx-gcc-installer 

'https://developer.apple.com/downloads 
10 http://www.mamp. info/en/downloads/ 
"http^/www.apachefriends.org/en/xampp.html 
12 http://windows. php.net 

13 http://www.microsoft.com/web/downloads/platform.aspx 

14 http://www.zend.com/en/products/server-ce/ 

l5 http://www.apachefriends.org/en/xampp.html 

1 6 http://www. easyphp .org/ 

17 http://www. wampserver.com/en/ 

18 http://phpmanager.codeplex.com/ 

19 http://php.iis.net/ 
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The PHP community is large and diverse, composed of innumerable libraries, frameworks, and components. 
It is common for PHP developers to choose several of these and combine them into a single project. It is 
important that PHP code adhere (as close as possible) to a common code style to make it easy for developers 
to mix and match various libraries for their projects. 

The Framework Interop Group 1 has proposed and approved a series of style recommendations. Not all of them 
related to code-style, but those that do are PSR-0 2 , PSR-1 3 , PSR-2 4 and PSR-4 5 . These recommendations are 
merely a set of rules that some projects like Drupal, Zend, Symfony, CakePHP, phpBB, AWS SDK, FuelPHP, 
Lithium, etc are starting to adopt. You can use them for your own projects, or continue to use your own 
personal style. 

Ideally you should write PHP code that adheres to a known standard. This could be any combination of PSR's, 
or one of the coding standards made by PEAR or Zend. This means other developers can easily read and work 
with your code, and applications that implement the components can have consistency even when working 
with lots of third-party code. 

. Read about PSR-0 6 

. Read about PSR-1 7 

. Read about PSR-2 8 

• Read about PSR-4 9 

. Read about PEAR Coding Standards 10 

• Read about Zend Coding Standards 11 

• Read about Symfony Coding Standards 12 

You can use PHP_CodeSniffer 13 to check code against any one of these recommendations, and plugins for text 
editors like Sublime Text 2 14 to be given real time feedback. 

You can fix the code layout automatically by using one of the two possible tools. One is Fabien Potencier's PHP 
Coding Standards Fixer 15 which has a very well tested codebase. It is bigger and slower, but very stable and 

'http^/www.php-fig.org/ 

2 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md 

3 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-l-basic-coding-standard.md 
4 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style- guide, md 
5 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4- autoloader. md 
6 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md 

7 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-l-basic-coding-standard.md 
8 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style- guide. md 
'https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md 
lo http://pear.php. net/manual/en/standards. php 

11 http://framework.zend.com/wiki/display/ZFDEV2/Coding+Standards 

12 http://symfony.com/doc/current/contributing/code/standards.html 

13 http://pear.php.net/package/PHP_CodeSniffer/ 

14 https://github.com/benmatselby/sublime-phpcs 

15 http://cs. sensiolabs.org/ 
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used by some huge projects like Magento and Symfony. Another option is php.tools 16 , which is made popular 
by the sublime-phpfmt 17 editor plugin. While being newer, it makes great improvements in performance, 
meaning real-time editor fixing is more fluid. 

English is preferred for all symbol names and code infrastructure. Comments may be written in any language 
easily readable by all current and future parties who may be working on the codebase. 

l6 https://github.com/dericofilho/php.tools 
17 https://github.com/dericofilho/sublime-phpfmt 



3. Language Highlights 



3.1 Programming Paradigms 

PHP is a flexible, dynamic language that supports a variety of programming techniques. It has evolved 
dramatically over the years, notably adding a solid object-oriented model in PHP 5.0 (2004), anonymous 
functions and namespaces in PHP 5.3 (2009), and traits in PHP 5.4 (2012). 

Object-oriented Programming 

PHP has a very complete set of object-oriented programming features including support for classes, abstract 
classes, interfaces, inheritance, constructors, cloning, exceptions, and more. 

• Read about Object-oriented PHP 1 

• Read about Traits 2 

Functional Programming 

PHP supports first-class function, meaning that a function can be assigned to a variable. Both user-defined 
and built-in functions can be referenced by a variable and invoked dynamically. Functions can be passed as 
arguments to other functions (feature called Higher-order functions) and function can return other functions. 

Recursion, a feature that allows a function to call itself, is supported by the language, but most of the PHP 
code focus on iteration. 

New anonymous functions (with support for closures) are present since PHP 5.3 (2009). 

PHP 5.4 added the ability to bind closures to an object's scope and also improved support for callables such 
that they can be used interchangeably with anonymous functions in almost all cases. 

• Continue reading on Functional Programming in PHP 3 

• Read about Anonymous Functions 4 

• Read about the Closure class 5 

• More details in the Closures RFC 6 

• Read about Callables 7 

• Read about dynamically invoking functions with cal l_user_func_array( ) 8 

'httpV/php. net/language. oop5 
2 http://php. net/language. oop5. traits 

3 http://phptherightway.com/pages/Functional- Programming, html 

4 http://php. net/functions. anonymous 

5 http://php. net/class, closure 

6 https://wiki.php.net/rfc/closures 

7 http://php. net/language, types, callable 

8 http://php.net/function.call- user- func- array 
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Meta Programming 

PHP supports various forms of meta-programming through mechanisms like the Reflection API and Magic 

Methods. There are many Magic Methods available like get( ), set( ), clone( ), toString( ), - 

i n voke ( ) , etc. that allow developers to hook into class behavior. Ruby developers often say that PHP is lacking 
method_missing, but it is available as call( ) and cal lStatic( ). 

• Read about Magic Methods 9 

• Read about Reflection 10 

• Read about Overloading 11 



3.2 Namespaces 

As mentioned above, the PHP community has a lot of developers creating lots of code. This means that one 
library's PHP code may use the same class name as another library. When both libraries are used in the same 
namespace, they collide and cause trouble. 

Namespaces solve this problem. As described in the PHP reference manual, namespaces may be compared 
to operating system directories that namespace files; two files with the same name may co-exist in separate 
directories. Likewise, two PHP classes with the same name may co-exist in separate PHP namespaces. It's as 
simple as that. 

It is important for you to namespace your code so that it may be used by other developers without fear of 
colliding with other libraries. 

One recommended way to use namespaces is outlined in PSR-4 12 , which aims to provide a standard file, class 
and namespace convention to allow plug-and-play code. 

In October 2014 the PHP-FIG deprecated the previous autoloading standard: PSR-0 13 , which has been replaced 
with PSR-4 14 . Currently both are still usable, as PSR-4 requires PHP 5.3 and many PHP 5.2-only projects 
currently implement PSR-0. If you're going to use an autoloader standard for a new application or package 
then you almost certainly want to look into PSR-4. 

• Read about Namespaces 15 

• Read about PSR-0 16 

• Read about PSR-4 17 

'http://php.net/language.oop5.magic 
lo http://php.net/intro. reflection 
"http://php. net/language. oop5. overloading 

12 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4- autoloader. md 
13 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md 
14 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4- autoloader, md 
l5 http://php.net/language.namespaces 

l6 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md 
l7 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4- autoloader, md 
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3.3 Standard PHP Library 

The Standard PHP Library (SPL) is packaged with PHP and provides a collection of classes and interfaces. It 
is made up primarily of commonly needed datastructure classes (stack, queue, heap, and so on), and iterators 
which can traverse over these datastructures or your own classes which implement SPL interfaces. 

. Read about the SPL 18 

3.4 Command Line Interface 

PHP was created to write web applications, but is also useful for scripting command line interface (CLI) 
programs. Command line PHP programs can help automate common tasks like testing, deployment, and 
application administrivia. 

CLI PHP programs are powerful because you can use your app's code directly without having to create and 
secure a web GUI for it. Just be sure not to put your CLI PHP scripts in your public web root! 

Try running PHP from your command line: 
> php -i 

The - i option will print your PHP configuration just like the phpinfo( ) 19 function. 

The -a option provides an interactive shell, similar to ruby's IRB or python's interactive shell. There are a 
number of other useful command line options 20 , too. 

Let's write a simple "Hello, $name" CLI program. To try it out, create a file named hel lo. php, as below. 
<?php 

if ($argc != 2) { 

echo "Usage: php hello. php [name].\n"; 
exit(l); 

} 

$name = $argv[l] ; 
echo "Hello, $name\n"; 

PHP sets up two special variables based on the arguments your script is run with. $argc 21 is an integer variable 
containing the argument count and $argv 22 is an array variable containing each argument's value. The first 
argument is always the name of your PHP script file, in this case hel lo . php. 

The exit() expression is used with a non-zero number to let the shell know that the command failed. 
Commonly used exit codes can be found here 23 . 

To run our script, above, from the command line: 

18 http://php. net/book. spl 
19 http://php.net/function.phpmfo 
20 http://php. net/features, commandline. options 
21 http://php.net/reserved.variables.argc 
22 http://php.net/reserved.variables.argv 

23 http://www.gsp.com/cgi-bin/man.cgi?section=3&topic=sysexits 
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> php hello. php 

Usage: php hello. php [name] 

> php hello. php world 
Hello, world 

• Learn about running PHP from the command line 24 

• Learn about setting up Windows to run PHP from the command line 25 

3.5 Xdebug 

One of the most useful tools in software development is a proper debugger. It allows you to trace the execution 
of your code and monitor the contents of the stack. Xdebug, PHP's debugger, can be utilized by various IDEs 
to provide Breakpoints and stack inspection. It can also allow tools like PHPUnit and KCacheGrind to perform 
code coverage analysis and code profiling. 

If you find yourself in a bind, willing to resort to var_dump( )/print_r( ), and you still can't find the solution 
- maybe you need to use the debugger. 

Installing Xdebug 26 can be tricky, but one of its most important features is "Remote Debugging" - if you 
develop code locally and then test it inside a VM or on another server, Remote Debugging is the feature that 
you will want to enable right away. 

Traditionally, you will modify your Apache VHost or .htaccess file with these values: 

1 php_value xdebug . remote_host=192 . 168 .?. ? 

2 php_value xdebug . remote_port=9000 

The "remote host" and "remote port" will correspond to your local computer and the port that you configure 
your IDE to listen on. Then it's just a matter of putting your IDE into "listen for connections" mode, and 
loading the URL: 

1 http : //your- websi te . exampl e . com/ index. php ?XDEBUG_SESSION_START=i 

Your IDE will now intercept the current state as the script executes, allowing you to set breakpoints and probe 
the values in memory. 

Graphical debuggers make it very easy to step through code, inspect variables, and eval code against the live 
runtime. Many IDE's have built-in or plugin-based support for graphical debugging with Xdebug. MacGDBp 
is a free, open-source, stand-alone Xdebug GUI for Mac. 

• Learn more about Xdebug 27 

• Learn more about MacGDBp 28 



'http://php.net/features.commandline 
'http://php.net/install.windows.commandline 
'http://xdebug.org/docs/install 
http://xdebug.org/docs/ 

tap://www.bluestatic.org/software/macgdbp/ 



4. Dependency Management 



There are a ton of PHP libraries, frameworks, and components to choose from. Your project will likely use 
several of them a€" these are project dependencies. Until recently, PHP did not have a good way to manage 
these project dependencies. Even if you managed them manually, you still had to worry about autoloaders. 
That is no longer an issue. 

Currently there are two major package management systems for PHP - Composer 1 and PEAR 2 . Composer is 
the main package manager to use for PHP, however for a long time PEAR used to fill that role. Knowing what 
PEAR is will be a good idea as you may still find references to it, even if you never use it. 

4.1 Composer and Packagist 

Composer is a brilliant dependency manager for PHP. List your project's dependencies in a composer . json 
file and, with a few simple commands, Composer will automatically download your project's dependencies 
and setup autoloading for you. 

There are already a lot of PHP libraries that are compatible with Composer, ready to be used in your project. 
These "packages" are listed on Packagist 3 , the official repository for Composer-compatible PHP libraries. 

How to Install Composer 

You can install Composer locally (in your current working directory; though this is no longer recommended) 
or globally (e.g. /usr/local/bin). Let's assume you want to install Composer locally. From your project's root 
directory: 

1 curl -s https://getcomposer.org/installer | php 

This will download composer . phar (a PHP binary archive). You can run this with php to manage your project 
dependencies. If you pipe downloaded code directly into an interpreter, please read the code online first to 
confirm it is safe. 

Installing on Windows 

For Windows users the easiest way to get up and running is to use the ComposerSetup 4 installer, which 
performs a global install and sets up your $PATH so that you can just call composer from any directory in your 
command line. 

V#composer_and_packagist 
2 /#pear 

3 http://packagist.org/ 

"https://getcomposer.org/Composer-Setup.exe 
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How to Install Composer (manually) 

Manually installing Composer is an advanced technique; however, there are various reasons why a developer 
might prefer this method vs. using the interactive installation routine. The interactive installation checks your 
PHP installation to ensure that: 

• a sufficient version of PHP is being used 

• . phar files can be executed correctly 

• certain directory permissions are sufficient 

• certain problematic extensions are not loaded 

• certain php. ini settings are set 

Since a manual installation performs none of these checks, you have to decide whether the trade-off is worth 
it for you. As such, below is how to obtain Composer manually: 

1 curl -s https://getcomposer.org/composer.phar -o $HOME/local/bin/composer 

2 chmod +x $HOME/local/bin/composer 

The path $HOME/local/bin (or a directory of your choice) should be in your $PATH environment variable. This 
will result in a composer command being available. 

When you come across documentation that states to run Composer as php composer . phar instal 1, you can 
substitute that with: 

1 composer install 

This section will assume you have installed composer globally. 

How to Define and Install Dependencies 

Composer keeps track of your project's dependencies in a file called composer . json. You can manage it by 
hand if you like, or use Composer itself. The composer require command adds a project dependency and if 
you don't have a composer . json file, one will be created. Here's an example that adds Twig 5 as a dependency 
of your project. 

1 composer require twig/twig : ~1 . 8 

Alternatively the composer init command will guide you through creating a full composer . json file for 
your project. Either way, once you've created your composer . json file you can tell Composer to download 
and install your dependencies into the vendor/ directory. This also applies to projects you've downloaded 
that already provide a composer . json file: 



5 http://twig. sensiolabs.org 
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1 composer install 

Next, add this line to your application's primary PHP file; this will tell PHP to use Composer's autoloader for 
your project dependencies. 

1 <?php 

2 require ' vendor/autoload . php ' ; 

Now you can use your project dependencies, and they'll be autoloaded on demand. 

Updating your dependencies 

Composer creates a file called composer . lock which stores the exact version of each package it downloaded 
when you first ran composer instal 1 . If you share your project with other coders and the composer . lock file 
is part of your distribution, when they run composer i nsta 1 1 they'll get the same versions as you. To update 
your dependencies, run composer update. 

This is most useful when you define your version requirements flexibly. For instance a version requirement 
of ~1 .8 means "anything newer than 1.8.0, but less than 2.0.x-dev". You can also use the * wildcard as 
in 1.8.*. Now Composer's composer update command will upgrade all your dependencies to the newest 
version that fits the restrictions you define. 

Update Notifications 

To receive notifications about new version releases you can sign up for VersionEye 6 , a web service that can 
monitor your GitHub and BitBucket accounts for composer . j son files and send emails with new package 
releases. 

Checking your dependencies for security issues 

The Security Advisories Checker 7 is a web service and a command-line tool, both will examine your 
composer . lock file and tell you if you need to update any of your dependencies. 

Handling global dependencies with Composer 

Composer can also handle global dependencies and their binaries. Usage is straight-forward, all you need to 
do is prefix your command with global . If per example you wanted to install PHPUnit and have it available 
globally, you'd run the following command: 

1 composer global require phpunit/phpunit 

This will create a ~/ . composer folder where your global dependencies reside. To have the installed packages' 
binaries available everywhere, you'd then add the ~/ . composer /vendor /bin folder to your $PATH variable. 

• Learn about Composer 8 

6 https://www. versioneye.com/ 
7 https://security. sensiolabs.org/ 
8 http://getcomposer.org/doc/00-intro.md 
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4.2 PEAR 

A veteran package manager that some PHP developers enjoy is PEAR 9 . It behaves similarly to Composer, but 
has some notable differences. 

PEAR requires each package to have a specific structure, which means that the author of the package must 
prepare it for usage with PEAR. Using a project which was not prepared to work with PEAR is not possible. 

PEAR installs packages globally, which means after installing them once they are available to all projects on 
that server. This can be good if many projects rely on the same package with the same version but might lead 
to problems if version conflicts between two projects arise. 

How to install PEAR 

You can install PEAR by downloading the . phar installer and executing it. The PEAR documentation has 
detailed install instructions 10 for every operating system. 

If you are using Linux, you can also have a look at your distribution package manager. Debian and Ubuntu, 
for example, have an apt php-pear package. 

How to install a package 

If the package is listed on the PEAR packages list 11 , you can install it by specifying the official name: 

1 pear install foo 

If the package is hosted on another channel, you need to discover the channel first and also specify it when 
installing. See the Using channel docs 12 for more information on this topic. 

. Learn about PEAR 13 



Handling PEAR dependencies with Composer 

If you are already using Composer 14 and you would like to install some PEAR code too, you can use Composer 
to handle your PEAR dependencies. This example will install code from pear2 . php . net: 



'http://pear.php.net/ 

10 http://pear.php.net/manual/en/installation.getting.php 
"httpV/pear.php.net/packages.php 

12 http://pear.php.net/manual/en/guide. users, commandline. channels, php 

13 http://pear.php.net/ 

1 4 /#composer_and_packagist 
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1 { 



2 "repositories" : [ 

3 { 

4 "type" : "pear" , 

5 "url": "http://pear2.php.net" 

6 } 

7 ], 

8 "require" : { 

9 "pear-pear2/PEAR2_Text_Markdown" : "*", 

10 "pear-pear2/PEAR2_HTTP_Request" : "*" 

11 } 



12 } 

The first section "repositories" will be used to let Composer know it should "initialize" (or "discover" in 
PEAR terminology) the pear repo. Then the require section will prefix the package name like this: 

pear-channel/Package 

The "pear" prefix is hardcoded to avoid any conflicts, as a pear channel could be the same as another packages 
vendor name for example, then the channel short name (or full URL) can be used to reference which channel 
the package is in. 

When this code is installed it will be available in your vendor directory and automatically available through 
the Composer autoloader: 

vendor/pear-pear2. php.net/PEAR2_HTTP_Request/pear2/HTTP/Request.php 

To use this PEAR package simply reference it like so: 

1 <?php 

2 $request = new pear2\HTTP\Request( ) ; 

• Learn more about using PEAR with Composer 15 



15 http://getcomposer.org/doc/05-repositories.md#pear 



5. Coding Practices 



5.1 The Basics 

PHP is a vast language that allows coders of all levels the ability to produce code not only quickly, but 
efficiently. However while advancing through the language, we often forget the basics that we first learnt (or 
overlooked) in favor of short cuts and/or bad habits. To help combat this common issue, this section is aimed 
at reminding coders of the basic coding practices within PHP. 

• Continue reading on The Basics 1 

5.2 Date and Time 

PHP has a class named DateTime to help you when reading, writing, comparing or calculating with date and 
time. There are many date and time related functions in PHP besides DateTime, but it provides nice object- 
oriented interface to most common uses. It can handle time zones, but that is outside this short introduction. 

To start working with DateTime, convert raw date and time string to an object with createFromFormat( ) 
factory method or do new DateTime to get the current date and time. Use format() method to convert 
DateTime back to a string for output. 

1 <?php 

2 $raw = '22. 11 . 1968' ; 

3 $start = DateTime :: createFromFormat( ' d . m. Y', $raw); 
4 

5 echo 'Start date: ' . $start- > format( ' Y-m-d ' ) . "\n"; 



Calculating with DateTime is possible with the Datelnterval class. DateTime has methods like add ( ) and sub ( ) 
that take a Datelnterval as an argument. Do not write code that expect same number of seconds in every 
day, both daylight saving and timezone alterations will break that assumption. Use date intervals instead. 
To calculate date difference use the diff( ) method. It will return new Datelnterval, which is super easy to 
display. 



'httpV/phptherightway.com/pages/The- Basics.html 
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1 <?php 

2 // create a copy of $start and add one month and 6 days 

3 $end = clone $start; 

4 $end->add(new Date Interval ( ' P1M6D ' ) ) ; 

5 

6 $diff = $end->diff($start); 

7 echo 'Difference: ' . $di f f - > format( ' %m month, %d days (total: %a days)') . "\n"; 

8 // Difference: 1 month, 6 days (total: 37 days) 

On DateTime objects you can use standard comparison: 

1 <?php 

2 if ($start < $end) { 

3 echo "Start is before end!\n"; 

4 } 

One last example to demonstrate the DatePeriod class. It is used to iterate over recurring events. It can take 
two DateTime objects, start and end, and the interval for which it will return all events in between. 

1 <?php 

2 // output all thursdays between $start and $end 

3 $per iodlnterval = Datelnterval :: createFromDateString( ' first thursday'); 

4 $period Iterator = new DatePeriod($start, Iperiodlnterval , $end, DatePeriod :: EXCLUDE_START_\ 

5 DATE ) ; 

6 foreach (Iperiodlterator as $date) { 

7 // output each date in the period 

8 echo $date- > format( ' Y-m-d ' ) . ' '; 

9 } 

• Read about DateTime 2 

• Read about date formatting 3 (accepted date format string options) 

5.3 Design Patterns 

When you are building your application it is helpful to use common patterns in your code and common 
patterns for the overall structure of your project. Using common patterns is helpful because it makes it much 
easier to manage your code and lets other developers quickly understand how everything fits together. 

If you use a framework then most of the higher level code and project structure will be based on that 
framework, so a lot of the pattern decisions are made for you. But it is still up to you to pick out the best 
patterns to follow in the code you build on top of the framework. If, on the other hand, you are not using 
a framework to build your application then you have to find the patterns that best suit the type and size of 
application that you're building. 



2 http://php. net/book. datetime 
3 http://php.net/function.date 
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• Continue reading on Design Patterns 4 

5.4 Working with UTF-8 

This section was originally written by Alex CabaP over at PHP Best Practices 6 and has been used as the basis 
for our own UTF-8 advice. 

There's no one-liner. Be careful, detailed, and consistent. 

Right now PHP does not support Unicode at a low level. There are ways to ensure that UTF-8 strings are 
processed OK, but it's not easy, and it requires digging in to almost all levels of the web app, from HTML to 
SQL to PHP. We'll aim for a brief, practical summary. 

UTF-8 at the PHP level 

The basic string operations, like concatenating two strings and assigning strings to variables, don't need 
anything special for UTF-8. However most string functions, like strposQ and strlenQ, do need special 
consideration. These functions often have an mb_* counterpart: for example, mb_strpos( ) and mb_strlen( ). 
These mb_* strings are made available to you via the Multibyte String Extension 7 , and are specifically designed 
to operate on Unicode strings. 

You must use the mb_* functions whenever you operate on a Unicode string. For example, if you use substr ( ) 
on a UTF-8 string, there's a good chance the result will include some garbled half-characters. The correct 
function to use would be the multibyte counterpart, mb_substr( ). 

The hard part is remembering to use the mb_* functions at all times. If you forget even just once, your Unicode 
string has a chance of being garbled during further processing. 

Not all string functions have an mb_* counterpart. If there isn't one for what you want to do, then you might 
be out of luck. 

You should use the mb_internal_encoding( ) function at the top of every PHP script you write (or at the top 
of your global include script), and the mb_http_output( ) function right after it if your script is outputting to 
a browser. Explicitly defining the encoding of your strings in every script will save you a lot of headaches 
down the road. 

Additionally, many PHP functions that operate on strings have an optional parameter letting you specify 
the character encoding. You should always explicitly indicate UTF-8 when given the option. For example, 
htmlentities( ) has an option for character encoding, and you should always specify UTF-8 if dealing 
with such strings. Note that as of PHP 5. 4.0, UTF-8 is the default encoding for htmlentities( ) and 
htmlspecialchars( ). 

Finally, If you are building an distributed application and cannot be certain that the mbstr i ng extension will be 
enabled, then consider using the patch work/ utf8 8 Composer package. This will use mbstring if it is available, 
and fall back to non UTF-8 functions if not. 

4 http://phptherightway.com/pages/Design- Patterns.html 

5 https://alexcabal.com/ 

6 https://phpbestpractices.org/#utf-8 

7 http://php. net/book. mbstring 

8 https://packagist.org/packages/patchwork/utf8 
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UTF-8 at the Database level 

If your PHP script accesses MySQL, there's a chance your strings could be stored as non-UTF-8 strings in the 
database even if you follow all of the precautions above. 

To make sure your strings go from PHP to MySQL as UTF-8, make sure your database and tables are all set 
to the utf8mb4 character set and collation, and that you use the utf8mb4 character set in the PDO connection 
string. See example code below. This is critically important. 

Note that you must use the utf8mb4 character set for complete UTF-8 support, not the utf8 character set! See 
Further Reading for why. 

UTF-8 at the browser level 

Use the mb_http_output( ) function to ensure that your PHP script outputs UTF-8 strings to your browser. 

The browser will then need to be told by the HTTP response that this page should be considered as UTF-8. 
The historic approach to doing that was to include the charset <meta> tag 9 in your page's <head> tag. This 
approach is perfectly valid, but setting the charset in the Content -Type header is actually much faster 10 . 

1 <?php 

2 // Tell PHP that we're using UTF-8 strings until the end of the script 

3 mb_internal_encoding( ' UTF-8 ') ; 
4 

5 // Tell PHP that we'll be outputting UTF-8 to the browser 

6 mb_http_output( 'UTF-8' ); 

7 

8 // Our UTF-8 test string 

9 $string = 'El sila erin 10 e-govaned vin.'; 
10 

11 // Transform the string in some way with a multibyte function 

12 // Note how we cut the string at a non-Asci i character for demonstration purposes 

13 $string = mb_substr($string, 0, 15); 
14 

15 // Connect to a database to store the transformed string 

16 // See the PDO example in this document for more information 

17 // Note the "set names utf8mb4* commmand! 

18 $link = new PD0( 



19 ' mysql : host=your- hostname ; dbname=your-db; charset=utf8mb4 ' , 

20 ' your -user name ' , 

21 ' your-password ' , 

22 array( 

23 PDO: :ATTR_ERRMODE => PDO : : ERRMODE_EXCEPTION , 

24 PDO: :ATTR_PERSISTENT => false 

25 ) 



'http://htmlpurifier.org/docs/enduser-utf8.html 

°https://developers. google.com/speed/docs/best- practices/rendering#SpecifyCharsetEarly 
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26 ); 
27 

28 // Store our transformed string as UTF-8 in our database 

29 // Your DB and tables are in the utf8mb4 character set and collation, right? 

30 $handle = $link->prepare( ' insert into ElvishSentences (Id, Body) values (?, ?)'); 

31 $handle->bindValue(l, 1, PDO : : PARAM_INT) ; 

32 $handle->bindValue(2, $string); 

33 $handle- >execute( ) ; 
34 

35 // Retrieve the string we just stored to prove it was stored correctly 

36 $handle = $1 ink- >prepare( ' select * from ElvishSentences where Id = ?'); 

37 $handle->bindValue(l, 1, PDO : : PARAM_INT) ; 

38 $handle- >execute( ) ; 
39 

40 // Store the result into an object that we'll output later in our HTML 

41 $result = $handle- > fetchAl 1 ( \PDO : : FETCH_OBJ) ; 
42 

43 header ( 'Content-Type: text/html; charset=UTF-8 1 ) ; 

44 ?><!doctype html> 

45 <html> 



46 <head> 

47 <meta charset="UTF-8" > 

48 <title>UTF-8 test page</title> 

49 </head> 

50 <body> 

51 < ?php 

52 foreach($result as $row){ 

53 print($row- >Body ) ; // This should correctly output our transformed UTF-8 stri\ 

54 ng to the browser 

55 } 

56 ?> 

57 </body> 

58 </html> 



Further reading 

• PHP Manual: String Operations 11 

• PHP Manual: String Functions 12 

- strpos( ) 13 

- strlen() 14 

- substr() 15 

"httpV/php.net/language.operators. string 

12 http://php.net/ref.strings 

13 http://php.net/function.strpos 

14 http://php.net/function.strlen 

15 http://php.net/function.substr 
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• PHP Manual: Multibyte String Functions 16 

- mb_strpos( ) 17 

- mb_strlen( ) 1S 

- mb_substr( ) 19 

- mb_internal_encoding( ) 20 

- mb_http_output( ) 21 

- htmlentities( ) 22 

- htmlspecialchars( ) 23 
. PHP UTF-8 Cheatsheet 24 

• Handling UTF-8 with PHP 25 

• Stack Overflow: What factors make PHP Unicode-incompatible? 26 

• Stack Overflow: Best practices in PHP and MySQL with international strings 

• How to support full Unicode in MySQL databases 28 
. Bringing Unicode to PHP with Portable UTF-8 29 



16 http://php.net/ref.mbstring 

"http://php.net/function.mb-strpos 

18 http://php.net/function.mb-strlen 

19 http://php.net/function.mb-substr 

20 http://php.net/function.mb-internal-encoding 

21 http://php.net/function.mb-http-output 

22 http://php.net/function.htmlentities 

23 http://php.net/function.htmlspecialchars 

24 http://blog. loftdigital.com/blog/php-utf-8-cheatsheet 

25 http://www.phpwact.org/php/il8n/utf-8 

2<s http://stackoverflow.com/questions/571694/what-factors-make-php-unicode- incompatible 
27 http://stackoverflow.com/questions/140728/best- practices- in- php-and-mysql- with- international-strings 
28 http://mathiasbynens.be/notes/mysql-utf8mb4 

2 'http://www.sitepoint. com/bringing- unicode-to-php- with- portable- utf8/ 



6. Dependency Injection 



From Wikipedia 1 : 

Dependency injection is a software design pattern that allows the removal of hard-coded 
dependencies and makes it possible to change them, whether at run-time or compile-time. 

This quote makes the concept sound much more complicated than it actually is. Dependency Injection is 
providing a component with its dependencies either through constructor injection, method calls or the setting 
of properties. It is that simple. 

6.1 Basic Concept 

We can demonstrate the concept with a simple, yet naive example. 

Here we have a Database class that requires an adapter to speak to the database. We instantiate the adapter 
in the constructor and create a hard dependency. This makes testing difficult and means the Database class 
is very tightly coupled to the adapter. 

<?php 

namespace Database; 

class Database 

{ 

protected $adapter; 

public function construct() 

{ 

$this- >adapter = new MySqlAdapter ; 

} 

} 

class MysqlAdapter {} 

This code can be refactored to use Dependency Injection and therefore loosen the dependency. 



'http^/en. wikipedia.org/wiki/Dependency_injection 
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<?php 

namespace Database; 

class Database 

{ 

protected $adapter; 

public function construct(MySqlAdapter Sadapter) 

{ 

$this- >adapter = $adapter; 

} 

} 

class MysqlAdapter {} 

Now we are giving the Database class its dependency rather than it creating it itself. We could even create 
a method that would accept an argument of the dependency and set it that way, or if the $adapter property 
was publ ic we could set it directly. 

6.2 Complex Problem 

If you have ever read about Dependency Injection then you have probably seen the terms "Inversion of 
Control" or "Dependency Inversion Principle". These are the complex problems that Dependency Injection 
solves. 

Inversion of Control 

Inversion of Control is as it says, "inverting the control" of a system by keeping organisational control entirely 
separate from our objects. In terms of Dependency Injection, this means loosening our dependencies by 
controlling and instantiating them elsewhere in the system. 

For years, PHP frameworks have been achieving Inversion of Control, however, the question became, which 
part of control are you inverting, and where to? For example, MVC frameworks would generally provide a 
super object or base controller that other controllers must extend to gain access to its dependencies. This is 
Inversion of Control, however, instead of loosening dependencies, this method simply moved them. 

Dependency Injection allows us to more elegantly solve this problem by only injecting the dependencies we 
need, when we need them, without the need for any hard coded dependencies at all. 

Dependency Inversion Principle 

Dependency Inversion Principle is the "D" in the S.O.L.I.D set of object oriented design principles that states 
one should "Depend on Abstractions. Do not depend on concretions. ". Put simply, this means our dependencies 
should be interfaces/contracts or abstract classes rather than concrete implementations. We can easily refactor 
the above example to follow this principle. 
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1 <?php 

2 namespace Database; 

3 

4 class Database 

5 { 

6 protected $adapter; 

7 

public function construct(AdapterInterface $adapter) 

9 { 

10 $this- >adapter = $adapter; 

11 } 

12 } 
13 

14 interface Adapter Interface {} 

15 

16 class MysqlAdapter implements Adapter Interface {} 

There are several benefits to the Database class now depending on an interface rather than a concretion. 

Consider that you are working in a team and the adapter is being worked on by a colleague. In our first 
example, we would have to wait for said colleague to finish the adapter before we could properly mock it for 
our unit tests. Now that the dependency is an interface/contract we can happily mock that interface knowing 
that our colleague will build the adapter based on that contract. 

An even bigger benefit to this method is that our code is now much more scalable. If a year down the line we 
decide that we want to migrate to a different type of database, we can write an adapter that implements the 
original interface and inject that instead, no more refactoring would be required as we can ensure that the 
adapter follows the contract set by the interface. 

6.3 Containers 

The first thing you should understand about Dependency Injection Containers is that they are not the same 
thing as Dependency Injection. A container is a convenience utility that helps us implement Dependency 
Injection, however, they can be and often are misused to implement an anti-pattern, Service Location. Injecting 
a DI container as a Service Locator in to your classes arguably creates a harder dependency on the container 
than the dependency you are replacing. It also makes your code much less transparent and ultimately harder 
to test. 

Most modern frameworks have their own Dependency Injection Container that allows you to wire your 
dependencies together through configuration. What this means in practice is that you can write application 
code that is as clean and de- coupled as the framework it is built on. 

6.4 Further Reading 

• Learning about Dependency Injection and PHP 2 

2 http://ralphschindler. com/201 1/05/18/learning-about-dependency- injection- and- php 
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• What is Dependency Injection? 3 

• Dependency Injection: An analogy 4 

• Dependency Injection: Huh? 5 

• Dependency Injection as a tool for testing 6 



3 http://fabien.potencier.org/article/ 1 1/what- is- dependency- injection 
4 http://mwop.net/blog/260-Dependency-Injection- An- analogy.html 
5 http://net.tutsplus.com/tutorials/php/dependency- injection- huh/ 
6 http://philipobenito.github.io/dependency- injection- as-a- tool- for- testing/ 



7. Databases 



Many times your PHP code will use a database to persist information. You have a few options to connect 
and interact with your database. The recommended option until PHP 5.1.0 was to use native drivers such as 
mysqli 1 , pgsql 2 , mssql 3 , etc. 

Native drivers are great if you are only using one database in your application, but if, for example, you are 
using MySQL and a little bit of MSSQL, or you need to connect to an Oracle database, then you will not be 
able to use the same drivers. You'll need to learn a brand new API for each database — and that can get silly. 

7.1 MySQL Extension 

The mysql 4 extension for PHP is no longer in active development, and is officially deprecated as of PHP 
5.5.0 5 , meaning that it will be removed within the next few releases. If you are using any functions that start 
with mysql_* such as mysql _connect( ) and mysql_query( ) in your applications then these will simply not 
be available in later versions of PHP. This means you will be faced with a rewrite at some point down the 
line, so the best option is to replace mysql usage with mysqli 6 or PDO 7 in your applications within your own 
development schedules so you won't be rushed later on. 

If you are starting from scratch then absolutely do not use the mysql 8 extension: use the MySQLi 
extension 9 , or use PDO 10 . 

• PHP: Choosing an API for MySQL 11 
. PDO Tutorial for MySQL Developers 12 



7.2 PDO Extension 



PDO 13 is a database connection abstraction library — built into PHP since 5.1.0 — that provides a common 
interface to talk with many different databases. For example, you can use basically identical code to interface 
with MySQL or SQLite: 



'http://php.net/ mysqli 

2 http://php.net/pgsql 

3 http://php.net/mssql 

"http://php.net/mysql 

5 http://php.net/migration55. deprecated 

6 http://php.net/mysqli 

7 http://php.net/pdo 

8 http://php.net/mysql 

'http://php.net/mysqli 
10 http://php.net/pdo 
"httpV/php.net/mysqlinfo.api.choosing 

12 http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers 
"http://php.net/pdo 
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1 <?php 

2 // PDO + MySQL 

3 $pdo = new PDO( 'mysql : host=example.com;dbname=database' , 'user', 'password'); 

4 $statement = $pdo- >query( "SELECT some_field FROM some_table" ) ; 

5 $row = $statement->fetch(PDO: : FETCH_ASSOC) ; 

6 echo htmlentities($row [ ' some_f ield ' ] ) ; 

7 

8 // PDO + SQLite 

9 $pdo = new PDO( ' sql ite : /path/db/foo . sql ite ' ) ; 

10 $statement = $pdo- >query( "SELECT some_field FROM some_table" ) ; 

11 $row = $statement->fetch(PDO: :FETCH_ASSOC); 

12 echo htmlentities($row [ ' some_f ield ' ] ) ; 

PDO will not translate your SQL queries or emulate missing features; it is purely for connecting to multiple 
types of database with the same API. 

More importantly, PDO allows you to safely inject foreign input (e.g. IDs) into your SQL queries without 
worrying about database SQL injection attacks. This is possible using PDO statements and bound parameters. 

Let's assume a PHP script receives a numeric ID as a query parameter. This ID should be used to fetch a user 
record from a database. This is the wrong way to do this: 

1 <?php 

2 $pdo = new PDO( ' sql ite : /path/db/users . db ' ) ; 

3 $pdo->query( "SELECT name FROM users WHERE id = " . $_GET [ ' id ' ] ) ; // <-- NO! 

This is terrible code. You are inserting a raw query parameter into a SQL query. This will get you hacked 
in a heartbeat, using a practice called SQL Injection 14 . Just imagine if a hacker passes in an inventive 
id parameter by calling a URL like http : //domain . com/?id=l%3BDELETE+FR0M+users. This will set the 
$_GET [ ' id ' ] variable to 1 ; DELETE FROM users which will delete all of your users! Instead, you should sanitize 
the ID input using PDO bound parameters. 

1 <?php 

2 $pdo = new PDO( ' sql ite : /path/db/users . db ') ; 

3 $stmt = $pdo->prepare( 'SELECT name FROM users WHERE id = :id'); 

4 $stmt->bindParam( ' : id' , $_GET [ ' id ' ] , PDO: : PARAM_INT) ; // <-- Automatically sanitized by PDO 

5 $stmt- >execute( ) ; 

This is correct code. It uses a bound parameter on a PDO statement. This escapes the foreign input ID before 
it is introduced to the database preventing potential SQL injection attacks. 

. Learn about PDO 15 



14 http://wiki. hashphp.org/Validation 
15 http://php.net/book.pdo 
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You should also be aware that database connections use up resources and it was not unheard-of to have 
resources exhausted if connections were not implicitly closed, however this was more common in other 
languages. Using PDO you can implicitly close the connection by destroying the object by ensuring all 
remaining references to it are deleted, i.e. set to NULL. If you don't do this explicitly, PHP will automatically 
close the connection when your script ends - unless of course you are using persistent connections. 

• Learn about PDO connections 16 



7.3 Interacting with Databases 

When developers first start to learn PHP, they often end up mixing their database interaction up with their 
presentation logic, using code that might look like this: 

1 <ul> 

2 <?php 

3 foreach ($db- >query( ' SELECT * FROM table') as $row) { 

4 echo "<li>" .$row[ ' fieldl 1 ] . " - " . $row [ 1 f ieldl 1 ] . " </l i > " ; 

5 } 

6 ?> 

7 </ul> 

This is bad practice for all sorts of reasons, mainly that its hard to debug, hard to test, hard to read and it is 
going to output a lot of fields if you don't put a limit on there. 

While there are many other solutions to doing this - depending on if you prefer OOP 17 or functional 
programming 18 - there must be some element of separation. 

Consider the most basic step: 

1 <?php 

2 function getAl lFoos($db) { 

3 return $db->query( 'SELECT * FROM table'); 

4 } 

5 

6 foreach (getAl lFoos($db) as $row) { 

7 echo "<li>" . $row [ ' fieldl ']. " - ". $row [' fieldl ']." </l i >" ; //BAD!! 

8 } 

That is a good start. Put those two items in two different files and you've got some clean separation. 

l6 http://php.net/pdo. connections 
"/♦object-oriented-programming 
1 Afunctional- programming 



Databases 



27 



Create a class to place that method in and you have a "Model". Create a simple . php file to put the presentation 
logic in and you have a "View", which is very nearly MVC 19 - a common OOP architecture for most 

frameworks 20 . 

foo.php 

1 <?php 

2 $db = new PDO( ' mysql : host= local host; dbname=testdb; charset=utf8 ' , ' username ' , 'password'); 

3 

4 // Make your model available 

5 include ' models/FooModel . php ' ; 

6 

7 // Create an instance 

8 $fool_ist = new FooModel ($db) ; 

9 

10 // Show the view 

11 include ' views/foo- 1 ist . php ' ; 

models/FooModel.php 



1 <?php 

2 class Foo() 

3 { 

4 protected $db; 

5 

6 public function construct(PDO $db) 

7 { 

8 $this->db = $db; 

9 } 
10 

11 public function getAHFoosQ { 

12 return $this- >db- >query( ' SELECT * FROM table'); 

13 } 

14 } 

views/foo-list.php 

1 <?php foreach ($fool_ist as $row) : ?> 

2 <?= $row[ ' fieldl ' ] ?> - <?= $row[ ' f ieldl ' ] ?> 

3 <?php end foreach ?> 



19 http://code. tutsplus.com/tutorials/mvc-for-noobs--net- 10488 
z0 /#frameworks 
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This is essentially the same as what most modern frameworks are doing, albeit a little more manual. You 
might not need to do all of that every time, but mixing together too much presentation logic and database 
interaction can be a real problem if you ever want to unit-test 21 your application. 

PHPBridge 22 have a great resource called Creating a Data Class 23 which covers a very similar topic, and is 
great for developers just getting used to the concept of interacting with databases. 

7.4 Abstraction Layers 

Many frameworks provide their own abstraction layer which may or may not sit on top of PDO 24 . These will 
often emulate features for one database system that is missing from another by wrapping your queries in PHP 
methods, giving you actual database abstraction instead of just the connection abstraction that PDO provides. 
This will of course add a little overhead, but if you are building a portable application that needs to work with 
MySQL, PostgreSQL and SQLite then a little overhead will be worth it the sake of code cleanliness. 

Some abstraction layers have been built using the PSR-0 25 or PSR-4 26 namespace standards so can be installed 
in any application you like: 

. Aura SQL 27 

. Doctrine2 DBAL 28 

• Propel 29 

. ZF2Db 30 



2 V#unit- testing 
22 http://phpbridge.org/ 

23 http://phpbridge.org/intro-to-php/creating_a_data_class 
24 http://php.net/book.pdo 

25 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md 

26 https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4- autoloader. md 

27 https://github.com/auraphp/Aura.Sql 

28 http://www.doctrine-project.org/projects/dbal.html 

29 http://propelorm.org/ 

30 http://packages.zendframework.com/docs/latest/manual/en/index.html#zend-db 



8. Templating 



Templates provide a convenient way of separating your controller and domain logic from your presentation 
logic. Templates typically contain the HTML of your application, but may also be used for other formats, 
such as XML. Templates are often referred to as "views", which make up part of the second component of 
the modela€"viewa€"controller 1 (MVC) software architecture pattern. 

8.1 Benefits 

The main benefit to using templates is the clear separation they create between the presentation logic and the 
rest of your application. Templates have the sole responsibility of displaying formatted content. They are not 
responsible for data lookup, persistence or other more complex tasks. This leads to cleaner, more readable code 
which is especially helpful in a team environment where developers work on the server-side code (controllers, 
models) and designers work on the client-side code (markup). 

Templates also improve the organization of presentation code. Templates are typically placed in a "views" 
folder, each defined within a single file. This approach encourages code reuse where larger blocks of code are 
broken into smaller, reusable pieces, often called partials. For example, your site header and footer can each 
be defined as templates, which are then included before and after each page template. 

Finally, depending on the library you use, templates can offer more security by automatically escaping user- 
generated content. Some libraries even offer sand-boxing, where template designers are only given access to 
white-listed variables and functions. 

8.2 Plain PHP Templates 

Plain PHP templates are simply templates that use native PHP code. They are a natural choice since PHP is 
actually a template language itself. That simply means that you can combine PHP code within other code, 
like HTML. This is beneficial to PHP developers as there is no new syntax to learn, they know the functions 
available to them, and their code editors already have PHP syntax highlighting and auto-completion built-in. 
Further, plain PHP templates tend to be very fast as no compiling stage is required. 

Every modern PHP framework employs some kind of template system, most of which use plain PHP by 
default. Outside of frameworks, libraries like Plates 2 or Aura.View 3 make working with plain PHP templates 
easier by offering modern template functionality such as inheritance, layouts and extensions. 

Simple example of a plain PHP template 

Using the Plates 4 library. 

'httpV/phptherightway.com/pages/Design-Patterns.htmltaodel- view- controller 

2 http://platesphp.com/ 

3 https://github.com/auraphp/Aura.View 

4 http://platesphp.com/ 
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1 <?php // user_profile.php ?> 
2 

3 <?php $this->insert( 'header ' , ['title' => 'User Profile']) ?> 
4 

5 <hl>User Profile</hl> 

6 <p>Hello, <?=$this->escape($name) ?></p> 
7 

8 <?php $this-> insert ( ' footer ' ) ?> 

Example of plain PHP templates using inheritance 

Using the Plates 5 library. 

1 <?php // template . php ?> 

2 

3 <html> 

4 <head> 

5 <title><?=$title?x/title> 

6 </head> 

7 <body> 
8 

9 <main> 

10 <?=$this->section( 'content' ) ?> 

11 </main> 
12 

13 </body> 

14 </html> 



1 <?php // user _pro file. php ?> 
2 

3 <?php $this-> layout( 'template' , ['title' => 'User Profile']) ?> 
4 

5 <hl>User Profile</hl> 

6 <p>Hello, <?=$this->escape($name)?></p> 

8.3 Compiled Templates 

While PHP has evolved into a mature, object oriented language, it hasn't improved much 6 as a templating 
language. Compiled templates, like Twig 7 or Smarty 8 *, fill this void by offering a new syntax that has been 

5 http://platesphp.com/ 

'http://fabien.potencier.org/article/34/templating-engines-in-php 

7 http://twig. sensiolabs.org/ 

8 http://www.smarty.net/ 
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geared specifically to templating. From automatic escaping, to inheritance and simplified control structures, 
compiled templates are designed to be easier to write, cleaner to read and safer to use. Compiled templates 
can even be shared across different languages, Mustache 9 being a good example of this. Since these templates 
must be compiled there is a slight performance hit, however this is very minimal when proper caching is used. 

* While Smarty offers automatic escaping, this feature is NOT enabled by default. 

Simple example of a compiled template 

Using the Twig 10 library. 

1 {% raw %} 

2 {% include 'header.html' with {'title': 'User Profile'} %} 

3 

4 <hl>User Profile</hl> 

5 <p>Hello, {{ name }}</p> 

6 

{% include 'footer.html' %} 
8 {% endraw %} 

Example of compiled templates using inheritance 

Using the Twig 11 library. 

1 {% raw %} 

2 // template.html 

3 

4 <html> 

5 <head> 

6 <title>{% block title %}{% endblock %}</title> 

7 </head> 

8 <body> 

9 

10 <main> 

11 {% block content %}{% endblock %} 

12 </main> 

13 

14 </body> 

15 </html> 

16 {% endraw %} 



'http://mustache.github.io/ 
10 http://twig. sensiolabs.org/ 
"http://twig. sensiolabs.org/ 
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1 {% raw %} 

2 // user_profile.html 

3 

4 {% extends "template.html" %} 

5 

6 {% block title %}User Profile{% endblock %} 

7 {% block content %} 

8 <hl>User Profile</hl> 

9 <p>Hello, {{ name }}</p> 

10 {% endblock %} 

11 endraw 

8.4 Further Reading 
Articles & Tutorials 

• Templating Engines in PHP 12 

• An Introduction to Views & Templating in Codelgniter 13 

• Getting Started With PHP Templating 14 

• Roll Your Own Templating System in PHP 15 

• Master Pages 16 

• Working With Templates in Symfony 2 17 

Libraries 

• Aura.View 18 (native) 

• Blade 19 (compiled, framework specific) 

• Dwoo 20 (compiled) 

• Latte 21 (compiled) 

• Mustache 22 (compiled) 
. PHPTAL 23 (compiled) 

• Plates 24 (native) 

12 http://fabien.potencier.org/article/34/templating-engines-in-php 

13 http://code. tutsplus.com/tutorials/an-introduction-to-views-templating-in-codeigniter--net- 25648 
14 http://www.smashingmagazine.com/2011/10/17/getting- started- with- php- templating/ 
15 http://code. tutsplus.com/tutorials/roll-your-own-templating-system-in-php--net- 16596 
16 https://laracasts.com/series/laravel-from-scratcti/episodes/7 

"http://code.tutsplus.com/tutorials/working-with-templates-in- symfony- 2- - cms- 21172 

18 https://github.com/auraphp/Aura.View 

"http://laravel.com/docs/templates 

20 http://dwoo.org/ 

21 https://github.com/nette/latte 

22 https://github.com/bobthecow/mustache.php 

23 http://phptal.org/ 

24 http://platesphp.com/ 
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• Smarty 25 (compiled) 

• Twig 26 (compiled) 

• ZendView 27 (native, framework specific) 



'http://www.smarty.net/ 
'http://twig.sensiolabs.org/ 

http://framework.zend.eom/manual/2.3/en/modules/zend.view.quick-start.html 



9. Errors and Exceptions 



9.1 Errors 



In many "exception-heavy" programming languages, whenever anything goes wrong an exception will be 
thrown. This is certainly a viable way to do things, but PHP is an "exception-light" programming language. 
While it does have exceptions and more of the core is starting to use them when working with objects, most 
of PHP itself will try to keep processing regardless of what happens, unless a fatal error occurs. 

For example: 



1 $ php -a 

2 php > echo $foo; 

3 Notice: Undefined variable: foo in php shell code on line 1 



This is only a notice error, and PHP will happily carry on. This can be confusing for those coming from 
"exception-heavy" languages, because referencing a missing variable in Python for example will throw an 
exception: 



1 $ python 

2 >>> print foo 

3 Traceback (most recent call last): 

4 File "<stdin>", line 1, in <module> 

5 NameError : name 'foo' is not defined 



The only real difference is that Python will freak out over any small thing, so that developers can be super sure 
any potential issue or edge-case is caught, whereas PHP will keep on processing unless something extreme 
happens, at which point it will throw an error and report it. 

Error Severity 

PHP has several levels of error severity. The three most common types of messages are errors, notices and 
warnings. These have different levels of severity; E_ERROR, E_NOTICE, and E_WARNING. Errors are fatal run- 
time errors and are usually caused by faults in your code and need to be fixed as they'll cause PHP to stop 
executing. Notices are advisory messages caused by code that may or may not cause problems during the 
execution of the script, execution is not halted. Warnings are non-fatal errors, execution of the script will not 
be halted. 

Another type of error message reported at compile time are E_STRICT messages. These messages are used to 
suggest changes to your code to help ensure best interoperability and forward compatibility with upcoming 
versions of PHP. 
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Changing PHP's Error Reporting Behaviour 

Error Reporting can be changed by using PHP settings and/or PHP function calls. Using the built in PHP 
function error_reporting( ) you can set the level of errors for the duration of the script execution by passing 
one of the predefined error level constants, meaning if you only want to see Warnings and Errors - but not 
Notices - then you can configure that: 

1 <?php 

2 error_reporting(E_ERROR I E_WARNING); 

You can also control whether or not errors are displayed to the screen (good for development) or hidden, and 
logged (good for production). For more information on this check out the Error Reporting 1 section. 

Inline Error Suppression 

You can also tell PHP to suppress specific errors with the Error Control Operator @. You put this operator at 
the beginning of an expression, and any error that's a direct result of the expression is silenced. 

1 <?php 

2 echo ©$foo[ 'bar' ] ; 

This will output $foo [ ' bar ' ] if it exists, but will simply return a null and print nothing if the variable $foo 
or ' bar ' key does not exist. Without the error control operator, this expression could create a PHP Notice : 
Undefined variable: foo or PHP Notice: Undefined index: bar error. 

This might seem like a good idea, but there are a few undesirable tradeoffs. PHP handles expressions using 
an § in a less performant way than expressions without an §. Premature optimization may be the root of 
all programming arguments, but if performance is particularly important for your application/library it's 
important to understand the error control operator's performance implications. 

Secondly, the error control operator completely swallows the error. The error is not displayed, and the error 
is not sent to the error log. Also, stock/production PHP systems have no way to turn off the error control 
operator. While you may be correct that the error you're seeing is harmless, a different, less harmless error 
will be just as silent. 

If there's a way to avoid the error suppression operator, you should consider it. For example, our code above 
could be rewritten like this: 

1 <?php 

2 echo isset($foo[ 'bar ' ] ) ? $foo['bar'] : 1 '; 

One instance where error suppression might make sense is where f open ( ) fails to find a file to load. You could 
check for the existence of the file before you try to load it, but if the file is deleted after the check and before 
the fopen( ) (which might sound impossible, but it can happen) then fopen( ) will return false and throw an 



V#error_reporting 
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error. This is potentially something PHP should resolve, but is one case where error suppression might seem 
like the only valid solution. 

Earlier we mentioned there's no way in a stock PHP system to turn off the error control operator. However, 
Xdebug 2 has an xdebug . scream ini setting which will disable the error control operator. You can set this via 
your php .ini file with the following. 

xdebug . scream = On 

You can also set this value at runtime with the ini_set function 
<?php 

ini_set( ' xdebug . scream ' , '1') 

The "Scream 3 " PHP extension offers similar functionality to Xdebug's, although Scream's ini setting is named 
scream . enabled. 

This is most useful when you're debugging code and suspect an informative error is suppressed. Use scream 
with care, and as a temporary debugging tool. There's lots of PHP library code that may not work with the 
error control operator disabled. 

• Error Control Operators 4 
. SitePoint 5 

. Xdebug 6 

• Scream 7 

ErrorException 

PHP is perfectly capable of being an "exception-heavy" programming language, and only requires a few lines 
of code to make the switch. Basically you can throw your "errors" as "exceptions" using the ErrorException 
class, which extends the Exception class. 

This is a common practice implemented by a large number of modern frameworks such as Symfony and 
Laravel. By default Laravel will display all errors as exceptions using the Whoops! 8 package if the app . debug 
switch is turned on, then hide them if the switch is turned off. 

By throwing errors as exceptions in development you can handle them better than the usual result, and if you 
see an exception during development you can wrap it in a catch statement with specific instructions on how 
to handle the situation. Each exception you catch instantly makes your application that little bit more robust. 

More information on this and details on how to use ErrorException with error handling can be found at 
ErrorException Class 9 . 

2 http://xdebug.org/docs/basic 

3 http://php.net/book.scream 

"http://php.net/language. operators. errorcontrol 

5 http://www.sitepoint.com/ 

6 http://xdebug.org/docs/basic 

7 http://php. net/book. scream 

8 http://filp.github.io/whoops/ 

'http://php.net/class.errorexception 
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• Error Control Operators 10 

• Predefined Constants for Error Handling 11 

• error_reporting( ) 12 

• Reporting 13 



9.2 Exceptions 



Exceptions are a standard part of most popular programming languages, but they are often overlooked by 
PHP programmers. Languages like Ruby are extremely Exception heavy, so whenever something goes wrong 
such as a HTTP request failing, or a DB query goes wrong, or even if an image asset could not be found, Ruby 
(or the gems being used) will throw an exception to the screen meaning you instantly know there is a mistake. 

PHP itself is fairly lax with this, and a call to file_get_contents( ) will usually just get you a FALSE and 
a warning. Many older PHP frameworks like Codelgniter will just return a false, log a message to their 
proprietary logs and maybe let you use a method like $th is-> upload - >get_error( ) to see what went wrong. 
The problem here is that you have to go looking for a mistake and check the docs to see what the error method 
is for this class, instead of having it made extremely obvious. 

Another problem is when classes automatically throw an error to the screen and exit the process. When you 
do this you stop another developer from being able to dynamically handle that error. Exceptions should be 
thrown to make a developer aware of an error; they then can choose how to handle this. E.g.: 



1 <?php 

2 $email = new Fuel\Email; 

3 $emai 1 ->subject( ' My Subject'); 

4 $email->body( 'How the heck are you?'); 

5 $email->to( 'guy@example.com' , 'Some Guy'); 

6 

7 try 

9 $emai 1 - >send( ) ; 

10 

11 catch(Fuel\Email\ValidationFailedException $e) 

12 
13 
14 

15 catch(Fuel\Email\SendingFailedException $e) 

16 
17 
18 
19 
20 



// The validation failed 



// The driver could not send the email 
inal ly 



10 http://php.net/language.operators.errorcontrol 
"httpV/php.net/errorfunc. constants 
12 http://php.net/function.error- reporting 
1 3 /#error_reporting 
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21 // Executed regardless of whether an exception has been thrown, and before normal exec\ 

22 ution resumes 

23 } 

SPL Exceptions 

The generic Exception class provides very little debugging context for the developer; however, to remedy 
this, it is possible to create a specialized Exception type by sub-classing the generic Exception class: 

1 <?php 

2 class Val idationException extends Exception {} 

This means you can add multiple catch blocks and handle different Exceptions differently. This can lead to 
the creation of a of custom Exceptions, some of which could have been avoided using the SPL Exceptions 
provided in the SPL extension 14 . 

If for example you use the ca 1 1 ( ) Magic Method and an invalid method is requested then instead of 

throwing a standard Exception which is vague, or creating a custom Exception just for that, you could just 
throw new BadMethodCal lException ; . 

• Read about Exceptions 15 

• Read about SPL Exceptions 16 

• Nesting Exceptions In PHP 17 

• Exception Best Practices in PHP 5.3 18 



14 /#standard_php_library 
15 http://php. net/language. exceptions 
16 http://php.net/spl. exceptions 

l7 http://www.brandonsavage.net/exceptional-php- nesting- exceptions- in- php/ 
18 http://ralphschindler.com/2010/09/15/exception- best- practices- in- php-5-3 



10. Security 



10.1 Web Application Security 

There are bad people ready and willing to exploit your web application. It is important that you take necessary 
precautions to harden your web application's security. Luckily, the fine folks at The Open Web Application 
Security Project 1 (OWASP) have compiled a comprehensive list of known security issues and methods to 
protect yourself against them. This is a must read for the security-conscious developer. 

. Read the OWASP Security Guide 2 

10.2 Password Hashing 

Eventually everyone builds a PHP application that relies on user login. Usernames and passwords are stored 
in a database and later used to authenticate users upon login. 

It is important that you properly hash 3 passwords before storing them. Password hashing is an irreversible, 
one way function performed against the user's password. This produces a fixed-length string that cannot be 
feasibly reversed. This means you can compare a hash against another to determine if they both came from 
the same source string, but you cannot determine the original string. If passwords are not hashed and your 
database is accessed by an unauthorized third-party, all user accounts are now compromised. Some users may 
(unfortunately) use the same password for other services. Therefore, it is important to take security seriously. 

Hashing passwords with password_hash 

In PHP 5.5 password_hash( ) was introduced. At this time it is using BCrypt, the strongest algorithm currently 
supported by PHP. It will be updated in the future to support more algorithms as needed though. The 
password_compat library was created to provide forward compatibility for PHP >= 5.3.7. 

Below we hash a string, and then check the hash against a new string. Because our two source strings are 
different ('secret-password' vs. 'bad-password') this login will fail. 



'http://php.net/book. filter 
2 http://php.net/filter.filters. sanitize 
3 http://php.net/filter.filters.validate 
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1 <?php 

2 require ' password . php ' ; 

3 

4 $passwordHash = password_hash( ' secret -password ' , PASSWORD_DEFAULT) ; 

5 

6 if (password_veri fy( ' bad-password ' , $passwordHash) ) { 

7 // Correct Password 

8 } else { 

9 // Wrong password 
10 } 

• Learn about password_hash( ) 4 

• password_compat for PHP >= 5.3.7 && < 5.5 5 

• Learn about hashing in regards to cryptography 6 

• PHP password_hash( ) RFC 7 

10.3 Data Filtering 

Never ever (ever) trust foreign input introduced to your PHP code. Always sanitize and validate foreign input 
before using it in code. The filter_var( ) and f ilter_input( ) functions can sanitize text and validate text 
formats (e.g. email addresses). 

Foreign input can be anything: $_GET and $_P0ST form input data, some values in the $_SERVER superglobal, 
and the HTTP request body via fopen( 'php: //input' , 'r' ). Remember, foreign input is not limited to 
form data submitted by the user. Uploaded and downloaded files, session values, cookie data, and data from 
third-party web services are foreign input, too. 

While foreign data can be stored, combined, and accessed later, it is still foreign input. Every time you process, 
output, concatenate, or include data in your code, ask yourself if the data is filtered properly and can it be 
trusted. 

Data may be filtered differently based on its purpose. For example, when unfiltered foreign input is passed into 
HTML page output, it can execute HTML and JavaScript on your site! This is known as Cross-Site Scripting 
(XSS) and can be a very dangerous attack. One way to avoid XSS is to sanitize all user-generated data before 
outputting it to your page by removing HTML tags with the strip_tags( ) function or escaping characters 
with special meaning into their respective HTML entities with the htmlentities( ) or htmlspecialchars( ) 
functions. 

Another example is passing options to be executed on the command line. This can be extremely dangerous 
(and is usually a bad idea), but you can use the built-in escapeshel larg( ) function to sanitize the executed 
command's arguments. 

"http://php.net/book.filter 
5 http://php.net/filter.filters. sanitize 
6 http://php.net/filter.filters.validate 
7 http://php.net/function.filter-var 
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One last example is accepting foreign input to determine a file to load from the filesystem. This can be 
exploited by changing the filename to a file path. You need to remove " / " , "../", null bytes 8 , or other 
characters from the file path so it can't load hidden, non-public, or sensitive files. 

• Learn about data filtering 9 

• Learn about filter_var 10 

• Learn about filter_input" 

• Learn about handling null bytes 12 

Sanitization 

Sanitization removes (or escapes) illegal or unsafe characters from foreign input. 

For example, you should sanitize foreign input before including the input in HTML or inserting it into a raw 
SQL query. When you use bound parameters with PDO, it will sanitize the input for you. 

Sometimes it is required to allow some safe HTML tags in the input when including it in the HTML page. This 
is very hard to do and many avoid it by using other more restricted formatting like Markdown or BBCode, 
although whitelisting libraries like HTML Purifier 13 exists for this reason. 

See Sanitization Filters 14 

Validation 

Validation ensures that foreign input is what you expect. For example, you may want to validate an email 
address, a phone number, or age when processing a registration submission. 

See Validation Filters 15 

10.4 Configuration Files 

When creating configuration files for your applications, best practices recommend that one of the following 
methods be followed: 

• It is recommended that you store your configuration information where it cannot be accessed directly 
and pulled in via the file system. 

• If you must store your configuration files in the document root, name the files with a . php extension. 
This ensures that, even if the script is accessed directly, it will not be output as plain text. 

• Information in configuration files should be protected accordingly, either through encryption or 
group/user file system permissions 

8 http://php. net/security .filesystem. nullbytes 

'http://php.net/book.filter 
lo http://php.net/function.filter-var 
1 'httpV/php.net/function.filter- input 
12 http://php. net/security .filesystem. nullbytes 
13 http://htmlpurifier.org/ 
14 http://php.net/filter.filters. sanitize 
15 http://php.net/filter.filters.validate 
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10.5 Register Globals 

NOTE: As of PHP 5.4.0 the register_globals setting has been removed and can no longer be used. This is 
only included as a warning for anyone in the process of upgrading a legacy application. 

When enabled, the register_globals configuration setting that makes several types of variables (including 
ones from $_P0ST, $_GET and $_REQUEST) available in the global scope of your application. This can easily 
lead to security issues as your application cannot effectively tell where the data is coming from. 

For example: $_GET[ ' foo' ] would be available via $foo, which can override variables that have not been 
declared. If you are using PHP < 5.4.0 make sure that register_globals is off. 

• Register_globals in the PHP manual 16 

10.6 Error Reporting 

Error logging can be useful in finding the problem spots in your application, but it can also expose information 
about the structure of your application to the outside world. To effectively protect your application from 
issues that could be caused by the output of these messages, you need to configure your server differently in 
development versus production (live). 

Development 

To show every possible error during , configure the following settings in your php. ini: 

1 display_errors = On 

2 display_startup_errors = On 

3 error_reporting = -1 

4 log_errors = On 

Passing in the value -1 will show every possible error, even when new levels and constants are 
added in future PHP versions. The E_ALL constant also behaves this way as of PHP 5.4. - php.net 17 

The E_STRICT error level constant was introduced in 5.3.0 and is not part of E_ALL, however it became part 
of E_ALL in 5.4.0. What does this mean? In terms of reporting every possible error in version 5.3 it means you 
must use either -1 or E_ALL | E_STRICT. 

Reporting every possible error by PHP version 

• < 5.3 -1 or E_ALL 

• 5.3-1 or E_ALL | E_STRICT 

• > 5.3 -1 or E_ALL 

Production 

To hide errors on your environment, configure your php. ini as: 

16 http://php.net/security.globals 
17 http://php.net/function.error- reporting 
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1 display_errors = Off 

2 display_startup_errors = Off 

3 error_reporting = E_ALL 

4 log_errors = On 

With these settings in production, errors will still be logged to the error logs for the web server, but will not 
be shown to the user. For more information on these settings, see the PHP manual: 

• error_reporting 18 

• display_errors 19 

• display_startup_errors 20 

• log_errors 21 



18 http://php.net/errorfunc.configuration#ini.error- reporting 
19 http://php.net/errorfunc.configuration#ini. display- errors 
20 http://php.net/errorfunc.configuration#ini. display- startup- errors 
21 http://php.net/errorfunc.configuration#ini.log-errors 



11. Testing 



Writing automated tests for your PHP code is considered a best practice and can lead to well-built applications. 
Automated tests are a great tool for making sure your application does not break when you are making changes 
or adding new functionality and should not be ignored. 

There are several different types of testing tools (or frameworks) available for PHP, which use different 
approaches - all of which are trying to avoid manual testing and the need for large Quality Assurance teams, 
just to make sure recent changes didn't break existing functionality. 

11.1 Test Driven Development 

From Wikipedia 1 : 

Test-driven development (TDD) is a software development process that relies on the repetition 
of a very short development cycle: first the developer writes a failing automated test case that 
defines a desired improvement or new function, then produces code to pass that test and finally 
refactors the new code to acceptable standards. Kent Beck, who is credited with having developed 
or 'rediscovered' the technique, stated in 2003 that TDD encourages simple designs and inspires 
confidence. 

There are several different types of testing that you can do for your application: 

Unit Testing 

Unit Testing is a programming approach to ensure functions, classes and methods are working as expected, 
from the point you build them all the way through the development cycle. By checking values going in and 
out of various functions and methods, you can make sure the internal logic is working correctly. By using 
Dependency Injection and building "mock" classes and stubs you can verify that dependencies are correctly 
used for even better test coverage. 

When you create a class or function you should create a unit test for each behavior it must have. At a very 
basic level you should make sure it errors if you send it bad arguments and make sure it works if you send 
it valid arguments. This will help ensure that when you make changes to this class or function later on in 
the development cycle that the old functionality continues to work as expected. The only alternative to this 
would be var_dump( ) in a test.php, which is no way to build an application - large or small. 

The other use for unit tests is contributing to open source. If you can write a test that shows broken 
functionality (i.e. fails), then fix it, and show the test passing, patches are much more likely to be accepted. If 
you run a project which accepts pull requests then you should suggest this as a requirement. 



'httpV/en. wikipedia.org/wiki/Test-driven_development 
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PHPUnit 2 is the de-facto testing framework for writing unit tests for PHP applications, but there are several 
alternatives 

• atoum 3 

• Enhance PHP 4 
. PUnit 5 

• SimpleTest 6 

Integration Testing 

From Wikipedia 7 : 

Integration testing (sometimes called Integration and Testing, abbreviated "I&T") is the phase 
in software testing in which individual software modules are combined and tested as a group. 
It occurs after unit testing and before validation testing. Integration testing takes as its input 
modules that have been unit tested, groups them in larger aggregates, applies tests defined in an 
integration test plan to those aggregates, and delivers as its output the integrated system ready 
for system testing. 

Many of the same tools that can be used for unit testing can be used for integration testing as many of the 
same principles are used. 

Functional Testing 

Sometimes also known as acceptance testing, functional testing consists of using tools to create automated 
tests that actually use your application instead of just verifying that individual units of code are behaving 
correctly and that individual units can speak to each other correctly. These tools typically work using real 
data and simulating actual users of the application. 

Functional Testing Tools 

• Selenium 8 
. Mink 9 

• Codeception 10 is a full-stack testing framework that includes acceptance testing tools 

• Storyplayer 11 is a full-stack testing framework that includes support for creating and destroying test 
environments on demand 

2 http://phpunit.de 
3 https://github.com/atoum/atoum 
4 https://github.com/Enhance- PHP/Enhance- PHP 
5 http://punit. smf.me.uk/ 
6 http://simpletest.org 

7 http://en. wikipedia.org/wiki/Integration_testing 

8 http://seleniumhq.com 

'http://mink.behat.org 
10 http://codeception.com 
"httpV/datasift.github.io/storyplayer 
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11.2 Behavior Driven Development 

There are two different types of Behavior-Driven Development (BDD): SpecBDD and StoryBDD. SpecBDD 
focuses on technical behavior of code, while StoryBDD focuses on business or feature behaviors or interac- 
tions. PHP has frameworks for both types of BDD. 

With StoryBDD, you write human-readable stories that describe the behavior of your application. These 
stories can then be run as actual tests against your application. The framework used in PHP applications for 
StoryBDD is Behat 12 , which is inspired by Ruby's Cucumber 13 project and implements the Gherkin DSL for 
describing feature behavior. 

With SpecBDD, you write specifications that describe how your actual code should behave. Instead of testing a 
function or method, you are describing how that function or method should behave. PHP offers the PHPSpec 14 
framework for this purpose. This framework is inspired by the RSpec project 15 for Ruby. 

BDD Links 

• Behat 16 , the StoryBDD framework for PHP, inspired by Ruby's Cucumber 17 project; 

• PHPSpec 18 , the SpecBDD framework for PHP, inspired by Ruby's RSpec 19 project; 

• Codeception 20 is a full-stack testing framework that uses BDD principles. 

11.3 Complementary Testing Tools 

Besides individual testing and behavior driven frameworks, there are also a number of generic frameworks 
and helper libraries useful for any preferred approach taken. 

Tool Links 

• Selenium 21 is a browser automation tool which can be integrated with PHPUnit 22 

• Mockery 23 is a Mock Object Framework which can be integrated with PHPUnit 24 or PHPSpec 25 

• Prophecy 26 is a highly opinionated yet very powerful and flexible PHP object mocking framework. It's 
integrated with PHPSpec 27 and can be used with PHPUnit 28 . 



,2 http://behat.org/ 

13 http://cukes.info/ 

14 http://www.phpspec.net/ 

15 http://rspec.info/ 

"http://behat.org/ 

17 http://cukes.info/ 

18 http://www.phpspec.net/ 

19 http://rspec.info/ 

20 http://codeception.com/ 

21 http://seleniumhq.org/ 

22 http://phpunit.de/manual/current/en/selenium.html 

23 https://github.com/padraic/mockery 

24 http://phpunit.de/ 

25 http://www.phpspec.net/ 

26 https://github.com/phpspec/prophecy 

27 http://www.phpspec.net/ 

28 http://phpunit.de/ 
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PHP applications can be deployed and run on production web servers in a number of ways. 

12.1 Platform as a Service (PaaS) 

PaaS provides the system and network architecture necessary to run PHP applications on the web. This means 
little to no configuration for launching PHP applications or PHP frameworks. 

Recently PaaS has become a popular method for deploying, hosting, and scaling PHP applications of all sizes. 
You can find a list of PHP PaaS "Platform as a Service" providers in our resources section. 

12.2 Virtual or Dedicated Servers 

If you are comfortable with systems administration, or are interested in learning it, virtual or dedicated servers 
give you complete control of your application's production environment. 

nginx and PHP-FPM 

PHP, via PHP's built-in FastCGI Process Manager (FPM), pairs really nicely with nginx 1 , which is a 
lightweight, high-performance web server. It uses less memory than Apache and can better handle more 
concurrent requests. This is especially important on virtual servers that don't have much memory to spare. 

• Read more on nginx 2 

. Read more on PHP-FPM 3 

• Read more on setting up nginx and PHP-FPM securely 4 

Apache and PHP 

PHP and Apache have a long history together. Apache is wildly configurable and has many available modules 5 
to extend functionality. It is a popular choice for shared servers and an easy setup for PHP frameworks and 
open source apps like WordPress. Unfortunately, Apache uses more resources than nginx by default and cannot 
handle as many visitors at the same time. 

Apache has several possible configurations for running PHP. The most common and easiest to setup is the 
prefork MPM 6 with mod_php5. While it isn't the most memory efficient, it is the simplest to get working and 

'http://nginx.org/ 
2 http://nginx.org/ 
3 http://php.net/install.fpm 

4 https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-and-nginx-dont-trust-the-tutorials-check-your-configuration/ 

5 http://httpd.apache.org/docs/2.4/mod/ 

6 http://httpd.apache.org/docs/2.4/mod/prefork.html 
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to use. This is probably the best choice if you don't want to dig too deeply into the server administration 
aspects. Note that if you use mod_php5 you MUST use the prefork MPM. 

Alternatively, if you want to squeeze more performance and stability out of Apache then you can take 
advantage of the same FPM system as nginx and run the worker MPM 7 or event MPM 8 with mod_fastcgi 
or mod_fcgid. This configuration will be significantly more memory efficient and much faster but it is more 
work to set up. 

• Read more on Apache 9 

• Read more on Multi-Processing Modules 10 

• Read more on mod fastcgi 11 

• Read more on mod fcgid 12 

12.3 Shared Servers 

PHP has shared servers to thank for its popularity. It is hard to find a host without PHP installed, but be sure 
it's the latest version. Shared servers allow you and other developers to deploy websites to a single machine. 
The upside to this is that it has become a cheap commodity. The downside is that you never know what kind 
of a ruckus your neighboring tenants are going to create; loading down the server or opening up security 
holes are the main concerns. If your project's budget can afford to avoid shared servers you should. 

12.4 Building and Deploying your Application 

If you find yourself doing manual database schema changes or running your tests manually before updating 
your files (manually), think twice! With every additional manual task needed to deploy a new version of 
your app, the chances for potentially fatal mistakes increase. Whether you're dealing with a simple update, a 
comprehensive build process or even a continuous integration strategy, build automation 13 is your friend. 

Among the tasks you might want to automate are: 

• Dependency management 

• Compilation, minification of your assets 

• Running tests 

• Creation of documentation 

• Packaging 

• Deployment 

7 http://httpd.apache.org/docs/2.4/mod/worker.html 

8 http://httpd.apache.org/docs/2.4/mod/event.html 

'http://httpd.apache.org/ 

10 http://httpd.apache.org/docs/2.4/mod/mpm_common.html 
1 'httpV/www.fastcgi.com/ modfastcgi/docs/modfastcgi.html 
12 http://httpd.apache.org/mod_fcgid/ 
13 http://en. wikipedia.org/wiki/Build_automation 
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Build Automation Tools 



Build tools can be described as a collection of scripts that handle common tasks of software deployment. The 
build tool is not a part of your software, it acts on your software from 'outside'. 

There are many open source tools available to help you with build automation, some are written in PHP 
others aren't. This shouldn't hold you back from using them, if they're better suited for the specific job. Here 
are a few examples: 

Phing 14 is the easiest way to get started with automated deployment in the PHP world. With Phing you can 
control your packaging, deployment or testing process from within a simple XML build file. Phing (which is 
based on Apache Ant 15 ) provides a rich set of tasks usually needed to install or update a web app and can be 
extended with additional custom tasks, written in PHP. 

Capistrano 16 is a system for intermediate-to-advanced programmers to execute commands in a structured, 
repeatable way on one or more remote machines. It is pre-configured for deploying Ruby on Rails applications, 
however people are ** successfully deploying PHP systems** with it. Successful use of Capistrano depends on 
a working knowledge of Ruby and Rake. 

Dave Gardner's blog post PHP Deployment with Capistrano 17 is a good starting point for PHP developers 
interested in Capistrano. 

Chef 18 is more than a deployment framework, it is a very powerful Ruby based system integration framework 
that doesn't just deploy your app but can build your whole server environment or virtual boxes. 

Deployer 19 is a deployment tool written in PHP, it's simple and functional. Deploy your code to all servers 
you want, it supports deploy via copy, or via VCS (like git), or via rsync. Run your tasks on all your servers, 
or use our recipes of common tasks for Symfony, Laravel, Zend Framework and Yii. 



Chef resources for PHP developers: 

• Three part blog series about deploying a LAMP application with Chef, Vagrant, and EC2 20 

• Chef Cookbook which installs and configures PHP 5.3 and the PEAR package management system 21 

• Chef video tutorial series 22 by Opscode, the makers of chef 



Further reading: 



• Automate your project with Apache Ant 23 

14 http://www.phing.info/ 
15 http://ant.apache.org/ 

16 https://github.com/capistrano/capistrano/wiki 

17 http://www.davegar dner.me.uk/blog/2012/02/13/php-deployment-with-capistrano/ 

18 http://www.opscode. com/chef/ 

"http://deployer.in/ 

20 http://www.jasongrimes.org/2012/06/managing- lamp- environments- with-chef- vagrant- and-ec2-l-of- 3/ 
zl https://github.com/opscode-cookbooks/php 

22 https://www.youtube.com/playlist?list=PLrmstJpucjzWKtleWLv88ZFY4RljW8amR 
23 http://net.tutsplus.com/tutorials/other/automate-your- projects- with- apache- ant/ 
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Continuous Integration 

Continuous Integration is a software development practice where members of a team integrate 
their work frequently, usually each person integrates at least daily a€" leading to multiple inte- 
grations per day. Many teams find that this approach leads to significantly reduced integration 
problems and allows a team to develop cohesive software more rapidly. 

- Martin Fowler 

There are different ways to implement continuous integration for PHP. Recently Travis CI 24 has done a 
great job of making continuous integration a reality even for small projects. Travis CI is a hosted continuous 
integration service for the open source community. It is integrated with GitHub and offers first class support 
for many languages including PHP. 

Further reading: 

• Continuous Integration with Jenkins 25 

• Continuous Integration with PHPCI 26 

• Continuous Integration with Teamcity 27 



'https://travis-ci.org/ 
'http://jenkins-ci.org/ 
'http://www.phptesting.org/ 
http://www.jetbrains.com/teamcity/ 



13. Virtualization 



Running your application on different environments in development and production can lead to strange bugs 
popping up when you go live. It's also tricky to keep different development environments up to date with the 
same version for all libraries used when working with a team of developers. 

If you are developing on Windows and deploying to Linux (or anything non-Windows) or are developing 
in a team, you should consider using a virtual machine. This sounds tricky but besides the widely known 
virtualization environments like VMware or VirtualBox, there are additional tools that may help you setting 
up a virtual environment in a few easy steps. 

13.1 Vagrant 

Vagrant 1 helps you build your virtual boxes on top of the known virtual environments and will configure 
these environments based on a single configuration file. These boxes can be set up manually, or you can use 
"provisioning" software such as Puppet 2 or Chef 3 to do this for you. Provisioning the base box is a great way 
to ensure that multiple boxes are set up in an identical fashion and removes the need for you to maintain 
complicated "set up" command lists. You can also "destroy" your base box and recreate it without many 
manual steps, making it easy to create a "fresh" installation. 

Vagrant creates folders for sharing your code between your host and your virtual machine, which means that 
you can create and edit your files on your host machine and then run the code inside your virtual machine. 

A little help 

If you need a little help to start using Vagrant there are some services that might be useful: 

• Rove 4 : service that allows you to pre-generate typical Vagrant builds, PHP among the options. The 
provisioning is made with Chef. 

• Puphpet 5 : simple GUI to set up virtual machines for PHP development. Heavily focused in PHP. 
Besides local VMs, it can be used to deploy to cloud services as well. The provisioning is made with 
Puppet. 

• Protobox 6 : is a layer on top of vagrant and a web GUI to setup virtual machines for web development. 
A single YAML document controls everything that is installed on the virtual machine. 

• Phansible 7 : provides an easy to use interface that helps you generate Ansible Playbooks for PHP based 
projects. 

'http^/vagrantup.com/ 

2 http://www.puppetlabs.com/ 

3 http://www.opscode.com/ 

"http://rove.io/ 

5 https://puphpet.com/ 

6 http://getprotobox.com/ 

7 http://phansible.com/ 
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13.2 Docker 

Beside using Vagrant, another easy way to get a virtual development or production environment up and 
running is Docker 8 . Docker helps you to provide Linux containers for all kind of applications. There are many 
helpful docker images which could provide you with other great services without the need to install these 
services on your local machine, e.g. MySQL or PostgreSQL and a lot more. Have a look at the Docker Hub 
Registry 9 to search a list of available pre-built containers, which you can then run and use in very few steps. 

Example: Runnning your PHP Applications in Docker 

After you installed docker 10 on your machine, you can start an Apache with PHP support in one step. The 
following command will download a fully functional Apache installation with the latest PHP version and 
provide the directory /path/to/your/php/f iles at http : //localhost : 8080: 

1 docker run -d --name my-php-webserver -p 8080:80 -v /path/to/your/php/files:/var/www/html/\ 

2 php: apache 

After running docker run your container is initialized and running. If you would like to stop or start your 
container again, you can use the provided name attribute and simply run docker stop my-php-webserver 
and docker start my-php-webserver without providing the above mentioned parameters again. 

Learn more about Docker 

The commands mentioned above only show a quick way to run an Apache web server with PHP support but 
there are a lot more things that you can do with Docker. One of the most important things for PHP developers 
will be linking your web server to a database instance, for example. How this could be done is well described 
within the Docker User Guide 11 . 

• Docker Website 12 

• Docker Installation 13 

• Docker Images at the Docker Hub Registry 14 

• Docker User Guide 15 



8 http://docker.com/ 

'https://registry.hub.docker.com/ 
10 https://docs. docker.com/installation/ 
"https://docs.docker.com/userguide/ 
12 http://docker.com/ 
13 https://docs. docker. com/installation/ 
14 https://registry.hub. docker.com/ 
15 https://docs. docker.com/userguide/ 
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PHP is pretty quick by itself, but bottlenecks can arise when you make remote connections, load files, etc. 
Thankfully, there are various tools available to speed up certain parts of your application, or reduce the number 
of times these various time-consuming tasks need to run. 

14.1 Opcode Cache 

When a PHP file is executed, under the hood it is first compiled to opcodes and, only then, the opcodes are 
executed. If a PHP file is not modified, the opcodes will always be the same. This means that the compilation 
step is a waste of CPU resources. 

This is where opcode caches come in. They prevent redundant compilation by storing opcodes in memory 
and reusing it on successive calls. Setting up an opcode cache takes a matter of minutes, and your application 
will speed up significantly. There's really no reason not to use it. 

As of PHP 5.5, there is a built-in opcode cache called OPcache 1 . It is also available for earlier versions. 
Read more about opcode caches: 

. OPcache 2 (built-in since PHP 5.5) 

. APC 3 (PHP 5.4 and earlier) 

• XCache 4 

• Zend Optimizer+ 5 (part of Zend Server package) 

• WinCache 6 (extension for MS Windows Server) 

• list of PHP accelerators on Wikipedia 7 

14.2 Object Caching 

There are times when it can be beneficial to cache individual objects in your code, such as with data that is 
expensive to get or database calls where the result is unlikely to change. You can use object caching software 
to hold these pieces of data in memory for extremely fast access later on. If you save these items to a data 
store after you retrieve them, then pull them directly from the cache for following requests, you can gain a 
significant improvement in performance as well as reduce the load on your database servers. 

'httpV/php.net/book.opcache 

2 http://php.net/book.opcache 

3 http://php.net/book.apc 

4 http://xcache.lighttpd.net/ 

5 http://www.zend. com/products/server/ 

6 http://www.iis .net/download/ wincacheforphp 

7 http://en. wikipedia.org/wiki/List_of_PHP_accelerators 
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Many of the popular bytecode caching solutions let you cache custom data as well, so there's even more reason 
to take advantage of them. APCu, XCache, and WinCache all provide APIs to save data from your PHP code 
to their memory cache. 

The most commonly used memory object caching systems are APCu and memcached. APCu is an excellent 
choice for object caching, it includes a simple API for adding your own data to its memory cache and is very 
easy to setup and use. The one real limitation of APCu is that it is tied to the server it's installed on. Memcached 
on the other hand is installed as a separate service and can be accessed across the network, meaning that you 
can store objects in a hyper-fast data store in a central location and many different systems can pull from it. 

Note that when running PHP as a (Fast-)CGI application inside your webserver, every PHP process will have 
its own cache, i.e. APCu data is not shared between your worker processes. In these cases, you might want to 
consider using memcached instead, as it's not tied to the PHP processes. 

In a networked configuration APCu will usually outperform memcached in terms of access speed, but 
memcached will be able to scale up faster and further. If you do not expect to have multiple servers running 
your application, or do not need the extra features that memcached offers then APCu is probably your best 
choice for object caching. 

Example logic using APCu: 

1 <?php 

2 // check if there is data saved as ' expensive_data ' in cache 

3 $data = apc_fetch( ' expensive_data ' ) ; 

4 if ($data === false) { 

5 // data is not in cache; save result of expensive call for later use 

6 apc_add( ' expensive_data ' , $data = get_expensive_data( ) ) ; 

7 } 
8 

9 print_r($data) ; 

Note that prior to PHP 5.5, APC provides both an object cache and a bytecode cache. APCu is a project to 
bring APC's object cache to PHP 5.5+, since PHP now has a built-in bytecode cache (OPcache). 

Learn more about popular object caching systems: 

. APCu 8 

• APC Functions 9 

• Memcached 10 
. Redis 11 

. XCache APIs 12 

• WinCache Functions 13 



8 https://github.com/krakjoe/apcu 

'http://php.net/ref.apc 
10 http://memcached.org/ 
"http://redis.io/ 

12 http://xcache.lighttpd.net/wiki/XcacheApi 
13 http://php.net/ref.wincache 
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15.1 PHPDoc 

PHPDoc is an informal standard for commenting PHP code. There are a lot of different tags 1 available. The 
full list of tags and examples can be found at the PHPDoc manual 2 . 

Below is an example of how you might document a class with a few methods; 



1 <?php 

2 /** 

3 * §author A Name <a.name§example.com> 

4 * §link http://www.phpdoc.org/docs/latest/index.html 

5 * §package helper 

6 V 

7 class DateTimeHelper 

8 { 

9 /** 

10 * §param mixed $anything Anything that we can convert to a \DateTime object 

11 * 

12 * §return \DateTime 

13 * §throws \Inval idArgumentException 

14 */ 

15 public function dateTimeFromAnything($anything) 

16 { 

17 $type = gettype($anything ) ; 

18 

19 switch ($type) { 

20 // Some code that tries to return a \DateTime object 

21 } 
22 

throw new \Inval idArgumentException( 

24 "Failed Converting param of type ' {$type} ' to DateTime object" 

25 ); 

26 } 
27 

28 /** 

29 * §param mixed $date Anything that we can convert to a \DateTime object 

30 * 

31 * §return void 

'httpV/www.phpdoc.org/docs/latest/references/phpdoc/tags/index.html 
2 http://www.phpdoc.org/docs/latest/index.html 
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32 */ 

33 public function print I SO8601 Date ($date) 

34 { 

35 echo $this- >dateTimeFromAnything($date) - > format( ' c ' ) ; 

36 } 
37 

38 /** 

* @param mixed $date Anything that we can convert to a \DateTime object 

40 */ 

41 public function printRFC2822Date($date) 

42 { 

43 echo $this- >dateTimeFromAnything($date) - > format( ' r ' ) ; 

44 } 



45 } 

The documentation for the class as a whole firstly has the @author 3 tag, this tag is used to document the 
author of the code and can be repeated for documenting several authors. Secondly is the @link 4 tag, used to 
link to a website indicating a relationship between the website and the code. Thirdly it has the ©package 5 
tag, used to categorize the code. 

Inside the class, the first method has an @param 6 tag documenting the type, name and description of the 
parameter being passed to the method. Additionally it has the @return 7 and @throws 8 tags for documenting 
the return type, and any exceptions that could be throw respectively. 

The second and third methods are very similar and have a single @param 9 tag as did the first method. 
The import difference between the second and third method is doc block is the inclusion/ exclusion of the 
@return 10 tag. §return void explicitly informs us that there is no return, historically omitting the ©return 
void statement also results in the same (no return) action. 

3 http://www.phpdoc.org/docs/latest/references/phpdoc/tags/author.html 
4 http://www.phpdoc.org/docs/latest/references/phpdoc/tags/link.html 
5 http://www.phpdoc.org/docs/latest/references/phpdoc/tags/package.html 
6 http://www.phpdoc.org/docs/latest/references/phpdoc/tags/param.html 
7 http://www.phpdoc.org/docs/latest/references/phpdoc/tags/return.html 
8 http://www.phpdoc.org/docs/latest/references/phpdoc/tags/throws.html 
'http://www.phpdoc.org/docs/latest/references/phpdoc/tags/param.html 
10 http://www.phpdoc.org/docs/latest/references/phpdoc/tags/return.html 
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16.1 From the Source 

. PHP Website 1 

• PHP Documentation 2 

16.2 People to Follow 

• Rasmus Lerdorf 3 

• Fabien Potencier 4 

• Derick Rethans 5 
. Chris Shiflett 6 

• Sebastian Bergmann 7 

• Matthew Weier O'Phinney 8 
. PKEdraic Brady 9 

• Anthony Ferrara 10 

• Nikita Popov 11 

16.3 Mentoring 

• phpmentoring.org 12 - Formal, peer to peer mentoring in the PHP community. 

16.4 PHP PaaS Providers 

• PagodaBox 13 

• AppFog 14 

1 http://php.net/ 

2 http://php.net/docs.php 

3 http://twitter.com/rasmus 

4 http://twitter.com/fabpot 

5 http://twitter.com/derickr 

6 http://twitter.com/shiflett 

7 http://twitter.com/s_bergmann 

8 http://twitter.com/mwop 

'http://twitter.com/padraicb 
10 http://twitter.com/ircmaxell 
"httpV/twitter.com/nikitappv 
12 http://phpmentoring.org/ 
13 https://pagodabox.com/ 
14 https://appfog.com/ 
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• Heroku 15 

• fortrabbit 16 

• Engine Yard Cloud 17 

. Red Hat OpenShift Platform 18 
. dotCloud 19 

• AWS Elastic Beanstalk 20 

• cloudControl 21 

• Windows Azure 22 

• Google App Engine 23 

• Jelastic 24 

16.5 Frameworks 

Rather than re-invent the wheel, many PHP developers use frameworks to build out web applications. 
Frameworks abstract away many of the low-level concerns and provide helpful, easy-to-use interfaces to 
complete common tasks. 

You do not need to use a framework for every project. Sometimes plain PHP is the right way to go, but if you 
do need a framework then there are three main types available: 

• Micro Frameworks 

• Full-Stack Frameworks 

• Component Frameworks 

Micro-frameworks are essentially a wrapper to route a HTTP request to a callback, controller, method, etc 
as quickly as possible, and sometimes come with a few extra libraries to assist development such as basic 
database wrappers and the like. They are prominently used to build remote HTTP services. 

Many frameworks add a considerable number of features on top of what is available in a micro-framework 
and these are known Full-Stack Frameworks. These often come bundled with ORMs, Authentication packages, 
etc. 

Component-based frameworks are collections of specialized and single-purpose libraries. Disparate component- 
based frameworks can be used together to make a micro- or full-stack framework. 

• Popular PHP Frameworks 25 

15 https://devcenter .heroku.com/categories/php 
"http://fortrabbit.com/ 

l7 https://www.engineyard. com/products/cloud 

18 http://openshift.com 

19 http://docs. dotcloud.com/services/php/ 

20 http://aws.amazon.com/elasticbeanstalk/ 

21 https://www.cloudcontrol.com/ 

22 http://www. windowsazure.com/ 

23 https://developers. google.com/appengine/docs/php/gettingstarted/ 
24 http://jelastic.com/ 

25 https://github.com/codeguy/php-the-right-way/wiki/Frameworks 
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16.6 Components 

As mentioned above "Components" are another approach to the common goal of creating, distributing and 
implementing shared code. Various component repositories exist, the main two of which are: 

• Packagist 26 

• PEAR 27 



Both of these repositories have command line tools associated with them to help the installation and upgrade 
processes, and have been explained in more detail in the Dependency Management 28 section. 

There are also component-based frameworks and component-vendors that offer no framework at all. These 
projects provide another source of packages which ideally have little to no dependencies on other packages, 
or specific frameworks. 

For example, you can use the FuelPHP Validation package 29 , without needing to use the FuelPHP framework 
itself. 



• Aura 30 

• FuelPHP 31 

• Hoa Project 32 

• Orno 33 

• Symfony Components 34 

• The League of Extraordinary Packages 

• Laravel's Illuminate Components 

- Eloquent ORM 36 

- Queue 37 



Laravel's Illuminate components 3 * will become better decoupled from the Laravel framework. For now, only 
the components best decoupled from the Laravel framework are listed above. 

z6 /#composer_and_packagist 
27 /#pear 

z8 /#dependency_management 

29 https://github.com/fuelphp/validation 

30 http://auraphp.com/packages/v2 

31 https://github.com/fuelphp 

32 https://github.com/hoaproject 

33 https://github.com/ orno 

34 http://symfony.com/doc/current/components/index.html 
35 http://thephpleague.com/ 
36 https://github. com/illuminate/database 
37 https://github. com/illuminate/queue 
38 https://github. com/illuminate 



Resources 60 



16.7 Other Useful Resources 



Cheatsheets 



• PHP Cheatsheets 39 - for variable comparisons, arithmetics and variable testing in various PHP versions 
. PHP Security Cheatsheet 40 



More best practices 

. PHP Best Practices 41 

• Best practices for Modern PHP Development 



PHP universe 



. PHP Developer blog' 



16.8 Video Tutorials 



Paid Videos 



Standards and Best practices 44 
PHP Training on Pluralsight 45 



16.9 Books 



There are a lot of books around for PHP but some are sadly now quite old and no longer contain accurate 
information. There are even books published for "PHP 6" which does not exist, and will not now ever exist. 
The next major version of PHP will be named "PHP 7" because of those books. 

This section aims to be a living document for recommended books on PHP development in general. If you 
would like your book to be added, send a PR and it will be reviewed for relevancy. 



Free Books 



• PHP The Right Way 46 - This website is available as a book completely for free. 

3 'http://phpcheatsheets.com/ 

40 https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet 
"https://phpbestpractices.org/ 

42 https://www.airpair.com/php/posts/best- practices- for- modern- php- development 
43 http://blog. phpdeveloper.org/ 

44 http://teamtreehouse. com/library/ standards- and-best-practices 

45 http://www.pluralsight.com/search/?searchTerm=php 

46 https://leanpub.com/phptherightway/ 
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Paid Books 

• Modernizing Legacy Applications In PHP 47 - Get your code under control in a series of small, specific 
steps 

• Building Secure PHP Apps 48 - Learn the security basics that a senior developer usually acquires over 
years of experience, all condensed down into one quick and easy handbook 

• The Grumpy Programmer's Guide To Building Testable PHP Applications 49 - Learning to write testable 
doesn't have to suck 

• Securing PHP: Core Concepts 50 - A guide to some of the most common security terms and provides 
some examples of them in every day PHP 

• Scaling PHP 51 - Stop playing sysadmin and get back to coding 

• Signaling PHP 52 - PCNLT signals are a great help when writing PHP scripts that run from the command 
line. 



47 https://leanpub.com/mlaphp 

48 https://leanpub.com/buildingsecurephpapps 

49 https://leanpub. com/grumpy- testing 

50 https://leanpub.com/securingphp-coreconcepts 

51 https://leanpub.com/scalingphp 

52 https://leanpub.com/signalingphp 



17. Community 



The PHP community is as diverse as it is large, and its members are ready and willing to support new PHP 
programmers. Consider joining your local PHP user group (PUG) or attending larger PHP conferences to learn 
more about the best practices shown here. You can hang out on IRC in the #phpc channel on irc.freenode.com 1 
and follow the @phpc 2 twitter account. Get out there, meet new developers, learn new topics, and above 
all, make new friends! Other community resources include the Google+ PHP Programmer community 3 and 
StackOverflow 4 . 

Read the Official PHP Events Calendar 5 

17.1 PHP User Groups 

If you live in a larger city, odds are there's a PHP user group nearby. You can easily find your local PUG at the 
usergroup-list at php.net 6 which is based upon PHP.ug 7 . Alternate sources might be Meetup.com 8 or a search 
for php user group near me using your favourite search engine (i.e. Google 9 ). If you live in a smaller town, 
there may not be a local PUG; if that's the case, start one! 

Special mention should be made of two global user groups: NomadPHP 10 and PHPWomen 11 . NomadPHP 12 
offers twice monthly online user group meetings with presentations by some of the top speakers in the PHP 
community. PHPWomen 13 is a non-exclusive user group originally targeted towards the women in the PHP 
world. Membership is open to everyone who supports a more diverse community. PHPWomen provide a 
network for support, mentorship and education, and generally promote the creating of a "female friendly" 
and professional atmosphere. 

Read about User Groups on the PHP Wiki 14 

17.2 PHP Conferences 

The PHP community also hosts larger regional and national conferences in many countries around the world. 
Well-known members of the PHP community usually speak at these larger events, so it's a great opportunity 
to learn directly from industry leaders. 

'http^/webchat.freenode.net/Vchannelssphpc 
2 https://twitter.com/phpc 

3 https://plus.google.com/u/0/communities/104245651975268426012 

4 http://stackoverflow.com/questions/tagged/php 

5 http://php.net/cal.php 

6 http://php.net/ug.php 

7 http://php.ug/ 

8 http://www.meetup. com/find/ 

'https://www.google.com/search?q=php+user+group+near+me 
10 https://nomadphp.com/ 
1 'httpV/phpwomen.org/ 
12 https://nomadphp.com/ 
13 http://phpwomen.org/ 
14 https://wiki.php.net/usergroups 
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Find a PHP Conference 15 



15 http://php. net/conferences/index. php 



